Comparing Asynchronous l-Complete Approximations and Quotient Based Abstractions

Anne-Kathrin Schmuck, Paulo Tabuada, Jörg Raisch


Abstract 

This paper is concerned with a detailed comparison of two different abstraction techniques for the construction of finite
state symbolic models for controller synthesis of hybrid systems. Namely, we compare quotient based abstractions (QBA), e.g.,
described in [11, Part II] with different realizations of strongest (asynchronous) l-complete approximations (SAlCA) from [4],
[8]. Even though the idea behind their construction is very similar, we show that they are generally incomparable both in terms
of behavioral inclusion and similarity relations. We therefore derive necessary and sufficient conditions for QBA to coincide with
particular realizations of SAlCA. Depending on the original system, either QBA or SAlCA can be a tighter abstraction.

Index Terms 

Finite State Abstraction, Simulation Relations, Behavioral Systems Theory, Realizations 


I. Introduction 

The increasing interconnection of physical components and digital hardware in today’s engineering systems causes challenges 
that have been investigated by both the control and the computer science community. Although some efforts have been made 
to bring these parallel advances together, there are still considerable gaps between concepts in both fields addressing very 
similar questions. In this paper, we provide a step towards connecting two methods for the construction of finite state symbolic 
abstractions inspired by these two communities. 

Systems where digital hardware is connected to physical components usually lead to hybrid system models. Control synthesis 
for hybrid systems is a difficult problem, and one common approach to this problem is, first, to simplify a given hybrid control 
problem by generating a symbolic abstraction of the system to be controlled and, second, to design a symbolic controller using 
existing synthesis techniques. This controller synthesis approach is usually used in two different settings. 

In the first setting a system should obey a specification given in terms of a linear temporal logic (LTL) or computational tree 
logic (CTL) formula over a finite set of symbols, e.g., “always eventually visit region A”, which can only be enforced by 
symbolic controller synthesis techniques. Inspired by the computer science community, this line of research applies techniques 
developed for verification and synthesis of software processes, as e.g. in [1], [12], [10] and summarized in [11, Part II]. In that 
work a symbolic abstraction is constructed by partitioning the original state space into a finite number of cells, such that this 
partition allows for a bisimulation relation between the original state space model and its abstraction. The set of equivalence 
classes of this partition is used to define the outputs as well as the states of the constructed abstraction. This abstraction method 
is often referred to as quotient based abstraction (QBA), a terminology we adopt in this paper. 

Contrary to this viewpoint, another class of abstractions is tailored to handle systems where the available interface for control 
is symbolic. Hence, the construction of a symbolic abstraction is motivated by limited sensing (e.g., a sensor that can only 
detect threshold crossings) and/or limited actuation (e.g., a valve that can only be fully opened or closed). This implies that 
the set of input and output symbols is predefined and cannot be used to adjust the abstraction accuracy. The strongest
l-complete approximation (SlCA) [4] is one concept explicitly addressing this issue, which was recently generalized to the
strongest asynchronous l-complete approximation (SAlCA) [8]. Here, the accuracy of the abstraction is adjusted by changing
the number l of past input and output symbols considered in the construction of the abstract state space.

The idea of using l-long strings of symbols as abstract states was recently revisited in [3], [15], [13]. Interestingly, the
abstractions in [3], [15] are based on (approximated versions of) QBA but employ ideas from SlCA without assuming a
symbolic controller interface. In [3] and [15] l-long sequences of modes of, respectively, incrementally stable switched systems
and stochastic systems are used as abstract states rather than input and output symbols.

In this paper we formally compare QBA and SAlCA to point out their conceptual differences which are mostly due to the
different scenarios they are tailored to. This, of course, also has an influence on the construction of symbolic controllers based 
on those abstractions. While we do not provide a formal comparison of the controller synthesis step, an insightful discussion 
of this step in both scenarios is given in Sec. V-D. 

Apart from this additional discussion, this paper furthermore extends the results in [9] by providing proofs for all results and 
several detailed examples illustrating the paper’s contents. 

II. Preliminaries

In this section, we first review necessary notation from behavioral systems theory (e.g., [14]) in Sec. II-A and derive a model 
of the original system in Sec. II-B. To compare the resulting QBA and SAlCA of this system we introduce the notion of
simulation relations in Sec. II-C. 

A. Notation 

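In the behavioral framework, a dynamical system is given by $\Sigma = (T, W, \mathcal{B})$, consisting of the time axis $T$, the signal space $W$, and the behavior of the system, $\mathcal{B} \subseteq W^T$, where $W^T := \{\omega \mid \omega : T \to W\}$ is the set of all signals evolving on $T$ and taking values in $W$. In this paper we only consider dynamical systems evolving on the discrete time axis $T = \mathbb{N}_0$. However, to simplify notation, we extend the time axis of a behavior $\mathcal{B} \subseteq W^{\mathbb{N}_0}$ from $\mathbb{N}_0$ to $\mathbb{Z}$ by pre-appending each $\omega \in \mathcal{B}$ with the special symbol $\diamond$, i.e., $\omega = w_0 w_1 w_2 \ldots \in \mathcal{B}$ is transformed to $\ldots \diamond\diamond\diamond\, w_0 w_1 w_2 \ldots \in (W \cup \{\diamond\})^{\mathbb{Z}}$. Hence, the notation $\Sigma = (\mathbb{N}_0, W, \mathcal{B})$ refers to a system with behavior $\mathcal{B} \subseteq (W \cup \{\diamond\})^{\mathbb{Z}}$ s.t.¹ $\forall \omega \in \mathcal{B}, k < 0 \,.\, \omega(k) = \diamond$.

For any $l \in \mathbb{N}_0$, $(W)^l := \{\omega \mid \omega : [0, l-1] \to W\}$ denotes the set of strings $\omega$ with length $l$ and elements in $W$. Now let $\mathcal{I} = [t_1, t_2]$ be a bounded interval on $\mathbb{Z}$ with length $|\mathcal{I}| = t_2 - t_1 + 1$. Then $\omega|_{\mathcal{I}} = \omega(t_1) \ldots \omega(t_2) \in (W)^{|\mathcal{I}|}$ is the result of restricting the map $\omega : \mathbb{Z} \to W$ to the domain $\mathcal{I}$ and disregarding absolute time information, i.e., $\omega|_{\mathcal{I}} \in W^{|\mathcal{I}|}$ instead of $\omega|_{\mathcal{I}} \in W^{\mathcal{I}}$. Similarly, $\mathcal{B}|_{\mathcal{I}}$ results from restricting all trajectories in $\mathcal{B}$ to $\mathcal{I}$ and disregarding absolute time information. For $t_1 < t_2$ we define $\omega|_{[t_2, t_1]} := \lambda$, where $\lambda$ denotes the empty string.

Now let $W$, $V$ and $\tilde{V}$ be sets. Then the projection of the set $W$ and the symbol $w \in W$ to $V$ is defined by

$$\pi_V(W) := \begin{cases} V, & W = V \times \tilde{V} \\ W, & W = V \\ \emptyset, & \text{else} \end{cases} \qquad \pi_V(w) := \begin{cases} v, & w = (v, \tilde{v}) \\ w, & W = V \\ \lambda, & \text{else,} \end{cases}$$

respectively. With this, the projection of a signal $\omega \in W^T$ to $V$ is given by $\pi_V(\omega) := \{v \in V^T \mid \forall t \in T \,.\, v(t) = \pi_V(\omega(t))\}$ and $\pi_V(\mathcal{B})$ denotes the projection of all signals in the behavior $\mathcal{B}$ to $V$. The concatenation of two strings $\omega_1 \in (W)^{t_1}$, $\omega_2 \in (W)^{t_2}$, $t_1, t_2 \in \mathbb{N}_0$ is denoted by $\omega_1 \cdot \omega_2$ (meaning that $\omega_2$ is appended to $\omega_1$).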

B. Modelling the Original System 

The common starting point of methods generating finite state abstractions of a (possibly continuous) dynamical system is the
definition of a finite external signal space $W$. In the context of SAlCA, $W = U \times Y$ is assumed to be predefined by the system
to be abstracted, where $U$ is a finite set of control symbols and $Y$ a finite set of measurement symbols. In contrast, the work on
QBA usually assumes full sensing and actuating capabilities but defines the finite output set $Y$ based on a specification that the
controller to be designed subsequently should guarantee. Therefore, the choice of $W = Y$ is already part of the construction
of QBA. In both cases, prior to the abstraction process, a state model of the system to be abstracted is required.

Definition 1. A state machine is a tuple $Q = (X, U, Y, \delta, X_0)$, where $X$ is the set of states, $X_0$ is the set of initial states, $U$ is the set of inputs, $Y$ is the set of outputs, and $\delta \subseteq X \times U \times Y \times X$ is a next state relation.

The set of admissible outputs of a state $x \in X$ is defined by

$$H_\delta(x) := \{ y \in Y \mid \exists u \in U, x' \in X \,.\, (x, u, y, x') \in \delta \} \tag{1a}$$

and $Q$ is said to be output deterministic if

$$\forall x \in X \,.\, H_\delta(x) \neq \emptyset \Rightarrow |H_\delta(x)| = 1. \tag{1b}$$

Furthermore,

$$F_\delta(x, u) := \{ x' \in X \mid \exists y \in H_\delta(x) \,.\, (x, u, y, x') \in \delta \} \tag{2a}$$

$${} := \{ x' \in X \mid \exists u \in U \,.\, x' \in F_\delta(x, u) \}, \tag{2b}$$

are the sets of post-states of a state-input pair $(x, u)$ and a state $x$, respectively.

If the state evolution and the output generation of a transition $(x, u, y, x') \in \delta$ can be separated in $Q$ s.t.

$$\forall x \in X, u \in U \,.\, (x, u, y, x') \in \delta \Leftrightarrow$$

a state machine can be equivalently defined by the six-tuple $(X, X_0, U, Y, F_\delta, H_\delta)$, which usually defines a transition system.
Using a state machine $Q$ to model the original system, its full behavior, i.e., the set of infinite input, state, and output sequences
compatible with its dynamics, is defined as follows.

¹Throughout this paper we use the notation "$\forall\, \cdot\, .$", meaning that all statements after the dot hold for all variables quantified before the dot. "$\exists\, \cdot\, .$" is interpreted analogously.

Definition 2. Let $Q$ be a state machine as in Def. 1. Then the full behavior of $Q$ is defined by

$$\mathcal{B}_f(Q) := \left\{ (\mu, \nu, \xi) \in (U \times Y \times X)^{\mathbb{N}_0} \;\middle|\; \xi(0) \in X_0 \wedge \forall k \in \mathbb{N}_0 \,.\, (\xi(k), \mu(k), \nu(k), \xi(k+1)) \in \delta \right\}.$$

Furthermore, if

$$\forall x \in X_0 \,.\, \exists (\mu, \nu, \xi) \in \mathcal{B}_f(Q) \,.\, \xi(0) = x \quad \text{and} \tag{5a}$$

$$\forall x \in X \,.\, \exists (\mu, \nu, \xi) \in \mathcal{B}_f(Q), k \in \mathbb{N}_0 \,.\, \xi(k) = x \tag{5b}$$

$Q$ is called live and reachable.

Whenever $Q$ is live and reachable, the dynamics of $Q$ can be equivalently described by its full behavior. As SAlCA are
typically constructed from $\mathcal{B}_f(Q)$ instead of $Q$ we restrict attention to state machines that are live and reachable. Furthermore,
since QBA are usually constructed from transition systems which coincide with state machines if (3) holds, we consider the
following setup in this paper.

Given a dynamical system $\Sigma$, we assume that its external dynamics can be modeled by a state machine

$$Q = (X, U, Y, \delta, X_0), \text{ s.t. (3) and (5) holds} \tag{6a}$$

and the external signal space

$$W \in \{U \times Y, Y\} \text{ is finite.} \tag{6b}$$


In the remainder of this paper we introduce two methods to construct a finite state abstraction of $Q$ in (6), namely asynchronous
l-complete approximations (SAlCA) (from [8]) in Sec. III and quotient based abstractions (QBA) (from [11, Part II]) in Sec. IV.
To provide a formal comparison of the resulting models in Sec. V, we first introduce the notion of simulation relations.


C. Simulation Relations 

Simulation relations are commonly used to compare system models in a step-by-step fashion. The idea is to investigate, if 
there exists a relation between the state spaces of two systems which ensures that trajectories of the first can be mimicked by 
the second system, such that only related states are visited and equivalent external symbols are generated by both systems. To 
incorporate all possible choices of external signal spaces W as in (6b), we slightly modify the usual definition of simulation 
relations for transition systems (e.g. [11, Def. 4.7]) as follows. 

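Definition 3. Let $Q_i = (X_i, U_i, Y_i, \delta_i, X_{i0})$, $i \in \{1, 2\}$, be state machines and $W$ a set s.t. $\pi_W(U_1 \times Y_1) = \pi_W(U_2 \times Y_2) \neq \emptyset$.

Then $\mathcal{R} \subseteq X_1 \times X_2$ s.t.

$$\forall x_1 \in X_{10} \,.\, \left( \exists x_2 \in X_{20} \,.\, (x_1, x_2) \in \mathcal{R} \right) \quad \text{and} \tag{7a}$$

$$\forall (x_1, x_2) \in \mathcal{R}, u_1 \in U_1, y_1 \in Y_1, x_1' \in X_1 \,.\, (x_1, u_1, y_1, x_1') \in \delta_1 \Rightarrow \exists u_2 \in U_2, y_2 \in Y_2, x_2' \in X_2 \,.\, \begin{pmatrix} (x_2, u_2, y_2, x_2') \in \delta_2 \\ \wedge\, (x_1', x_2') \in \mathcal{R} \\ \wedge\, \pi_W(u_1, y_1) = \pi_W(u_2, y_2) \end{pmatrix} \tag{7b}$$

is a simulation relation from $Q_1$ to $Q_2$ w.r.t. $W$, denoted by $\mathcal{R} \in \mathfrak{S}_W(Q_1, Q_2)$.

Using Def. 3 we can formally define an ordering on the set of state machines in the usual way.

Definition 4. Given the premises of Def. 3, a state machine $Q_1$ is simulated by $Q_2$ w.r.t. $W$, denoted by $Q_1 \preceq_W Q_2$, if there
exists a relation $\mathcal{R} \in \mathfrak{S}_W(Q_1, Q_2)$. Furthermore, $Q_1$ and $Q_2$ are bisimilar w.r.t. $W$, denoted by $Q_1 \cong_W Q_2$, if there exists a
relation $\mathcal{R} \in \mathfrak{S}_W(Q_1, Q_2)$ also satisfying² $\mathcal{R}^{-1} \in \mathfrak{S}_W(Q_2, Q_1)$.

²As usual, $\mathcal{R}^{-1} := \{(x_2, x_1) \mid (x_1, x_2) \in \mathcal{R}\}$.

III. Strongest Asynchronous l-Complete Approximations (SAlCA)

The idea of SAlCA is to exactly mimic the external behavior of $Q$ in (6) over finite time intervals of length $l + 1$. We therefore
consider the behavioral system $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$, where $\mathcal{B}(Q)$ is the extension of $\pi_W(\mathcal{B}_f(Q))$ to $\mathbb{Z}$ as discussed in Sec. II.
All finite strings of external symbols of length $l$ which are consistent with the dynamics of $Q$ are given by

$$\Pi_l(\mathcal{B}(Q)) := \bigcup_{k \in \mathbb{N}_0} \mathcal{B}(Q)|_{[k-l+1,\,k]}. \tag{8}$$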

Figure 1. Example of a domino game for $l = 2$ (left) and an illustration of the usual choice $X^l$ in Prop. 1 for $t > l = 4$ with $t' = t - l$ (right).


Now consider the following gedankenexperiment: assume playing a sophisticated domino game where $\Pi_{l+1}(\mathcal{B}(Q))$ is the set
of dominos. Pick the first domino to be $\mathcal{B}(Q)|_{[-l,0]}$ (a domino with only diamonds except for the last symbol) and append
any domino from the set $\Pi_{l+1}(\mathcal{B}(Q))$ if the last $l$ symbols of the first domino are the same as the first $l$ symbols of the second
domino (see Figure 1 (left) for an example). Playing the domino game arbitrarily long and with all possible initial conditions
and domino combinations results in the largest, in the sense of set inclusion, behavior $\mathcal{B}^l$ satisfying

$$\mathcal{B}^l|_{[-l,0]} = \mathcal{B}(Q)|_{[-l,0]} \quad \text{and} \tag{9a}$$

$$\Pi_{l+1}(\mathcal{B}^l) = \Pi_{l+1}(\mathcal{B}(Q)), \tag{9b}$$

defining the behavioral system $\Sigma^l = (\mathbb{N}_0, W, \mathcal{B}^l)$. Observe that the smaller $l$, the less information in the domino game is used,
which generates more freedom in constructing signals, implying $\mathcal{B}^l \supseteq \mathcal{B}^{l+1} \supseteq \mathcal{B}(Q)$ for all $l \in \mathbb{N}_0$. This motivates the use
of $\mathcal{B}^l$ as an over-approximation of the behavior $\mathcal{B}(Q)$. Obviously, equality $\mathcal{B}^r = \mathcal{B}(Q)$ holds for all $r > l$ if $\mathcal{B}(Q)$ is itself
the largest behavior satisfying (9). In [8], a system $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$ for which the latter is true was called asynchronously
l-complete which inspired the name of SAlCA. Following [8], $\Sigma^l$ constructed in the outlined domino game is the unique
SAlCA of $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$. However, we are usually interested in a state machine realizing its step by step evolution.

Definition 5. Given (6) and (9), the dynamical system $\Sigma^l = (\mathbb{N}_0, W, \mathcal{B}^l)$ is the SAlCA of $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$. A state machine
$Q$ is a realization of $\Sigma^l$ if $\mathcal{B}^l = \mathcal{B}(Q)$.

In the work on SlCA and SAlCA the state space $X$ to construct the realization $Q$ of the abstraction $\Sigma^l$ is usually chosen such
that the state represents the "recent past" of length $l$ of the external signal. Recalling the gedankenexperiment, this choice of
$X$ is motivated by the fact that the next feasible domino of length $l + 1$ is determined by the last $l$ symbols of the previous
domino (see Fig. 1 (right) for an illustration). Using this state space, the standard state machine realization of SAlCA, denoted
by $Q^l$ in this paper, is defined as follows.

Proposition 1 ([8], Thm. 4). Let $\Sigma^l = (\mathbb{N}_0, W, \mathcal{B}^l)$ be the SAlCA of $\Sigma$, and define

$$X^l := \{\diamond\}^l \cup \Pi_l(\mathcal{B}^l), \tag{10a}$$

$$X^l_0 := \{\diamond\}^l, \text{ and} \tag{10b}$$

$$\delta^l := \left\{ \left( \zeta, w, (\zeta \cdot w)|_{[1,l]} \right) \;\middle|\; \zeta \cdot w \in \Pi_{l+1}(\mathcal{B}^l) \right\}. \tag{10c}$$

Then $\Sigma^l$ is realized by $Q^l = (X^l, W, \delta^l, X^l_0)$.

Summarizing the abstraction procedure outlined above, constructing the finite state abstraction $Q^l$ in Prop. 1 using SAlCA
only requires knowledge about the set $\Pi_{l+1}(\mathcal{B}(Q))$. However, if $Q$ is available, we can construct $Q^l$ from $Q$ directly, as shown
in the following section.


A. Some State Machine Realizations of SAlCA

Recall from Prop. 1 that the set of external sequences of length $l$, given by $\Pi_l(\mathcal{B}^l) = \Pi_l(\mathcal{B}(Q))$ (from (9b)), is finite. We now
investigate how to use this set as a state space in the construction of different state machine realizations of the SAlCA of a
system $\Sigma$. This is done on the basis of a state machine realization $Q$ of $\Sigma$ satisfying (6). For this, we first investigate how
a string $\zeta \in \Pi_l(\mathcal{B}(Q))$ can correspond to a state $x \in X$ of $Q$. Observe that $\zeta$ is a string of length $l$ and $x$ is a state reached
at a particular time $k \in \mathbb{N}_0$. We consider the cases where $\zeta$ is generated by $Q$ immediately before, immediately after or while
$x$ was reached. This leads us to a set of intervals

$$\mathcal{I}^l_m = [m - l, m - 1] \text{ s.t. } l, m \in \mathbb{N}_0, \text{ and } m \leq l, \tag{11}$$

where⁴ $[k, k] + \mathcal{I}^l_0 = [k - l, k - 1]$ corresponds to the first, $[k, k] + \mathcal{I}^l_l = [k, k + l - 1]$ corresponds to the second, and for all
other choices of $m$, $[k, k] + \mathcal{I}^l_m$ corresponds to the third case. Based on (11) the sets of compatible states are introduced in
Def. 6 and illustrated in Fig. 2.

³As before, $\mathcal{B}(Q)$ denotes the extension of $\pi_W(\mathcal{B}_f(Q))$ to $\mathbb{Z}$.

Figure 2. Illustration of corresponding external sequences $\zeta_m \in E^{\mathcal{I}^l_m}(x)$, $m \in \{0, \ldots, 3\}$ for state $x = \xi(k)$ where $W = Y = \{a, b, c\}$ and $\nu(k) \in H_\delta(x)$ for some $k \in \mathbb{N}_0$.


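Definition 6. Given (6) and (11), let $\Sigma_S = (\mathbb{N}_0, W \times X, \mathcal{B}_S(Q))$ be a dynamical system, where $\mathcal{B}_S(Q)$ is the extension of
$\pi_{W \times X}(\mathcal{B}_f(Q))$ to $\mathbb{Z}$ as discussed in Sec. II. Then the set of corresponding external strings w.r.t. $\mathcal{I}^l_m$ is defined for every state
$x \in X$ by

$$E^{\mathcal{I}^l_m}(x) := \left\{ \zeta \;\middle|\; \exists (\omega, \xi) \in \mathcal{B}_S(Q), k \in \mathbb{N}_0 \,.\, \begin{pmatrix} \xi(k) = x \\ \wedge\, \zeta = \omega|_{[k,k] + \mathcal{I}^l_m} \end{pmatrix} \right\}. \tag{12}$$

Furthermore, if

$$\forall x \in X, \zeta, \zeta' \in E^{\mathcal{I}^l_m}(x) \,.\, \zeta|_{[l-m,\,l-1]} = \zeta'|_{[l-m,\,l-1]} \tag{13}$$

$Q$ is called future unique w.r.t. $\mathcal{I}^l_m$.

Observe that $\zeta, \zeta' \in E^{\mathcal{I}^l_m}(x)$ in (13) are obtained from two trajectories $(\omega, \xi), (\omega', \xi') \in \mathcal{B}_S(Q)$ passing $x$ at time $k \in \mathbb{N}_0$ and
$k' \in \mathbb{N}_0$, respectively (i.e., $\xi(k) = \xi'(k') = x$), using (12). During this restriction of $\omega$ (resp. $\omega'$) to $\zeta$ (resp. $\zeta'$) absolute time
information is disregarded (see Sec. II-A), implying $\zeta|_{[l-m,\,l-1]} = \omega|_{[k,\,k+m-1]}$ and $\zeta'|_{[l-m,\,l-1]} = \omega'|_{[k',\,k'+m-1]}$. Therefore,
$Q$ is future unique w.r.t. $\mathcal{I}^l_m$ if for all states $x \in X$ all trajectories passing $x$ have the same $m$-long (non-strict) future of
external symbols, i.e. $\omega|_{[k,\,k+m-1]} = \omega'|_{[k',\,k'+m-1]}$. Using this intuition it is easy to see that $Q$ is always future unique w.r.t.
$\mathcal{I}^l_0 = [-l, -1]$, as this interval has no future.

We now proceed by constructing m finite state machines using the outlined correspondence between $X$ and $\Pi_l(\mathcal{B}(Q))$.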


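Definition 7. Given (6) and (11), define

$$X^{\mathcal{I}^l_m} := \left\{ \zeta \;\middle|\; \exists x \in X \,.\, \zeta \in E^{\mathcal{I}^l_m}(x) \right\}, \tag{14a}$$

$$X_0^{\mathcal{I}^l_m} := \left\{ \zeta \;\middle|\; \exists x \in X_0 \,.\, \zeta \in E^{\mathcal{I}^l_m}(x) \right\}, \text{ and} \tag{14b}$$

$\delta^{\mathcal{I}^l_m} := \{ (\hat{x}, u, y, \hat{x}') \mid$

( l[o,z-^—1] I[o,z--m—1] ' ^ ']

^ 1] 2]) l[0,m —1]

$\wedge\, \exists x, x' \in X \,.\, ( \hat{x} \in E^{\mathcal{I}^l_m}(x) \wedge \hat{x}' \in E^{\mathcal{I}^l_m}(x') \wedge (x, u, y, x') \in \delta ) \}$ (14c)

Then $Q^{\mathcal{I}^l_m} = (X^{\mathcal{I}^l_m}, U, Y, \delta^{\mathcal{I}^l_m}, X_0^{\mathcal{I}^l_m})$ is called the $\mathcal{I}^l_m$-abstract state machine of $Q$.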

The construction of the abstract state machines in Def. 7 can be interpreted as follows. Using (14a) instead of $X^{\mathcal{I}^l_m} = \{\diamond\}^l \cup \Pi_l(\mathcal{B}(Q))$ ensures that $Q^{\mathcal{I}^l_m}$ is live and reachable, which is purely cosmetic but allows to simplify subsequent proofs.
The last line in the conjunction of (14c) simply says that we have a transition in $Q^{\mathcal{I}^l_m}$ from $\hat{x}$ to $\hat{x}'$ if there is a transition
in $Q$ between any two states compatible with $\hat{x}$ and $\hat{x}'$, respectively. However, the first two lines in the conjunction of (14c)
additionally ensure that $\hat{x}$ and $\hat{x}'$ obey the rules of the domino game, i.e.,

$$\hat{x}|_{[1,\,l-1]} = \hat{x}'|_{[0,\,l-2]}$$

as depicted in Fig. 1 (right) and the current external symbol $w = \pi_W(u, y)$ is contained in either $\hat{x}$ or $\hat{x}'$ or both, at the
position corresponding to the current time point, i.e.,

$w = \hat{x}'(l - 1)$ if $m = 0$,

$w = \hat{x}(l - m) = \hat{x}'(l - 1 - m)$ if $0 < m < l$ and

$w = \hat{x}(0)$ if $m = l$.

⁴The addition of two intervals is interpreted in the usual sense, i.e., $[a, b] + [c, d] = [a + c, b + d]$.

As we are interested in state machine realizations of SAlCA, we show that $Q^{\mathcal{I}^l_m}$ realizes $\Sigma^l$ for all choices of $l$ and $m$.

Theorem 1. Given (6) and (11), let $Q^{\mathcal{I}^l_m}$ be defined as in Def. 7 and let $\Sigma^l = (\mathbb{N}_0, W, \mathcal{B}^l)$ be the unique SAlCA of $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$. Then $Q^{\mathcal{I}^l_m}$ realizes $\Sigma^l$.

Proof. See Appendix A-B. □

As an intuitive consequence of Thm. 1, choosing $m = 0$ and the full external symbol set $W = U \times Y$ when constructing $Q^{\mathcal{I}^l_m}$
in Def. 7 yields the standard realization $Q^l$ of SAlCA.

Theorem 2. Given (6) and (11) with $W = U \times Y$, let $Q^l$ and $Q^{\mathcal{I}^l_0}$ be as in Prop. 1 and Def. 7, respectively. Then $Q^l = Q^{\mathcal{I}^l_0}$.

Proof. See Appendix A-C. □

B. Ordering based on Simulation Relations 

Before we discuss the ordering between abstract state machines based on changing $l$ and $m$, we show under which conditions the
obtained abstraction simulates the original state machine $Q$ and when both state machines are bisimilar. This investigation
is interesting for the comparison to QBA, as the latter always simulates the original state machine $Q$. Furthermore, the framework
of QBA allows to construct a bisimilar abstraction whenever the employed repartitioning algorithm terminates. Hence, it is
interesting to know if the latter is also true for SAlCA.

The investigation of similarity between $Q^{\mathcal{I}^l_m}$ and $Q$ requires the construction of a relation between the original state space $X$
and the abstract state space $X^{\mathcal{I}^l_m}$. As $X^{\mathcal{I}^l_m}$ defines a cover for $X$ where each cell is given by all states $x$ corresponding to a
string $\zeta \in X^{\mathcal{I}^l_m}$ via $E^{\mathcal{I}^l_m}$, the latter is a natural choice for a relation between $X$ and $X^{\mathcal{I}^l_m}$.

Recall from Thm. 1 that the behaviors of $Q$ and $Q^{\mathcal{I}^l_m}$ coincide if $\mathcal{B}(Q)$ is asynchronously $l$-complete. Behavioral equivalence
is always necessary for a relation $\mathcal{R}$ to be a bisimulation relation but usually not sufficient. We therefore introduce a stronger
condition, called state-based asynchronous l-completeness, to serve the latter purpose.

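Definition 8. Given (6), $Q$ is state-based asynchronously $l$-complete w.r.t. $\mathcal{I}^l_m$ if

$$\forall x \in X, \zeta \in \Pi_{l+1}(\mathcal{B}(Q)) \,.\, \zeta|_{[0,\,l-1]} \in E^{[m-l,\,m-1]}(x) \Rightarrow \zeta \in E^{[m-l,\,m]}(x). \tag{15}$$

Remark 1. Recall from the beginning of this section that the dynamical system $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$ is asynchronously $l$-complete,
as defined in [8, Def. 6], if $\mathcal{B}(Q)$ is the largest behavior satisfying (9) itself. Intuitively, the latter is true if for all
$\zeta \in \Pi_{l+1}(\mathcal{B}(Q))$ there exists an $x \in X$ s.t. the second part of (15) holds. Therefore, asynchronous $l$-completeness of $\Sigma$ is
always implied by (15), but not vice-versa. ◁

Theorem 3. Given (6), (11) and $Q^{\mathcal{I}^l_m}$ as in Def. 7, let

$$\mathcal{R} = \left\{ (x, \hat{x}) \in X \times X^{\mathcal{I}^l_m} \;\middle|\; \hat{x} \in E^{\mathcal{I}^l_m}(x) \right\}. \tag{16}$$

Then it holds that⁵

(i) $\mathcal{R} \in \mathfrak{S}_{U \times Y}(Q, Q^{\mathcal{I}^l_m}) \Leftrightarrow Q$ is future unique w.r.t. $\mathcal{I}^l_m$ and

(ii) $\mathcal{R}^{-1} \in \mathfrak{S}_W(Q^{\mathcal{I}^l_m}, Q) \Leftrightarrow Q$ is state-based asynch. $l$-complete w.r.t. $\mathcal{I}^l_m$.

Proof. See Appendix A-D. □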

Intuitively, $Q^{\mathcal{I}^l_m}$ simulates $Q$ w.r.t. $W$ if for every related state pair $(x, \hat{x}) \in \mathcal{R}$ and every transition $(x, u, y, x') \in \delta$ which
$Q$ "picks", $Q^{\mathcal{I}^l_m}$ can "pick" a transition $(\hat{x}, u', y', \hat{x}') \in \delta^{\mathcal{I}^l_m}$ s.t. $w = \pi_W(u, y) = \pi_W(u', y')$. However, if $m > 0$, a state
$\hat{x} \in X^{\mathcal{I}^l_m}$ has only outgoing transitions s.t. $w = \hat{x}(l - m)$. Therefore, $Q^{\mathcal{I}^l_m}$ can only simulate $Q$ iff in every state $x \in X$ all
outgoing transitions agree on this $w$, i.e., $Q$ is "output deterministic" w.r.t. $W$. For $m > 1$ applying this reasoning iteratively
gives the (rather restrictive) condition of future uniqueness of $Q$. As the outlined problems are absent for $m = 0$ (as $Q$ is
always future unique w.r.t. $\mathcal{I}^l_0$), $Q^{\mathcal{I}^l_0}$, which we know to coincide with the original realization $Q^l$ of SAlCA for $W = U \times Y$,
always simulates $Q$.

⁵Using $\mathfrak{S}_{U \times Y}$ instead of $\mathfrak{S}_W$ in (i) is done on purpose and indicates that this relation holds for $U \times Y$ independent from the choice of $W$.

Corollary 1. Given (6), (11) and $Q^{\mathcal{I}^l_0}$ as in Def. 7 it holds that $Q \preceq_{U \times Y} Q^{\mathcal{I}^l_0}$.

Remark 2. In the context of SlCA a state machine was introduced in [6] whose state at time $k$ represents the string of
external symbols from time $k - l + 1$ to time $k$, i.e., from the interval $k + \mathcal{I}^l_1$. While the state sets of and coincide,
their transition structure slightly differs. This is a consequence of the fact that was intended to serve as a set-valued
observer for the states of $Q$. ◁


Recalling the domino game, we know that using longer dominos (i.e., increasing $l$) gives less freedom in composing them and
therefore yields a tighter abstraction. This intuition carries over to the state space realizations of inducing an ordering in 
terms of simulation relations. 


Theorem 4. Given (6), (11) and as in Def 7, let 




Xi = Xl+I 




Then it holds that 

(i) TZ € , Q^”') and 

(ii) e ^ S' = S'+i. 


(17) 


Proof. See Appendix A-E. □

Thm. 4 (ii) implies that the accuracy of the abstraction cannot be increased by increasing $l > r$ if $\mathcal{B}(Q)$ is asynchronously
$r$-complete and $m$ is fixed, e.g. $m = 0$. Therefore, the standard realization $Q^l$ for SAlCA might never result in a bisimilar
abstraction of $Q$, no matter how large $l$ is chosen, even if $\Sigma = (\mathbb{N}_0, W, \mathcal{B}(Q))$ is asynchronously $r$-complete. This is due to
the fact that (15) is not implied by asynchronous $l$-completeness of $\Sigma$ (see Rem. 1).

Interestingly, we will show that increasing $m$, i.e., shifting the interval $\mathcal{I}^l_m$ into the future, results in a tighter abstraction w.r.t.
simulation relations, i.e. allows to increase the precision of $Q^{\mathcal{I}^l_m}$ for $l > r$ even if $\Sigma$ is $r$-complete.

Theorem 5. Given (6), (11), and QDn as in Def 7 with m < I, let 


7 ^ = 



^ Xm+l\[0,l—2] — — 

Xjn+1 e (x) ' 


a3x e X . 


V 


,AXm G E ™(x) 


( 18 ) 


Then it holds that 

(i) TZ € and 

(ii) G 

Proof See Appendix A-F. □ 


( Q is future unique w.r.t. 

yAQ is state-based async. l-complete w.r.t. 


It is important to note that future uniqueness and state-based asynchronous $l$-completeness are incomparable properties, i.e.,
none is implied by the other. Therefore, there exist situations where $Q^{\mathcal{I}^l_m}$ with $m > 0$ simulates $Q$ (i.e., $Q$ is future unique
w.r.t. $\mathcal{I}^l_m$) and is tighter than $Q^{\mathcal{I}^l_0}$ in terms of simulation relations. However, if $Q$ is both future unique and state-based
asynchronously $l$-complete w.r.t. a particular interval $\mathcal{I}^r_n$, Thm. 5 implies that increasing $l > r$ and $m > n$ will not result in a
tighter abstraction. Moreover, this is not necessary anyway, as Thm. 3 implies that in this case $Q^{\mathcal{I}^r_n}$ is bisimilar to $Q$.


C. Example 

We conclude this section with a detailed example illustrating the construction of $\mathcal{I}^l_m$-abstract state machines and the property
of future uniqueness and state-based asynchronous $l$-completeness for different choices of $l$ and $m$. For simplicity, we consider
a finite state machine

$$Q = (X, U \times Y, \delta, X_0) \text{ s.t. } W = Y \tag{19}$$

as the original model, whose transition structure is depicted in Fig. 3. It can be inferred from Fig. 3 that the output behavior
of $Q$ is given by

$$\mathcal{B}(Q) = \left\{ y_1 y_2 \left( (y_3 y_2)^* (y_3 y_4)^* \right)^\omega,\; y_1 y_4 \left( (y_3 y_2)^* (y_3 y_4)^* \right)^\omega \right\}$$

where $(\cdot)^*$ and $(\cdot)^\omega$ denote, respectively, the finite and infinite repetition of the respective string. Furthermore, the sets of
1-long and 2-long dominos obtained from $\mathcal{B}(Q)$ via (8) are

$$\Pi_1(\mathcal{B}(Q)) = Y \quad \text{and}$$

$$\Pi_2(\mathcal{B}(Q)) = \{ \diamond y_1,\; y_1 y_2,\; y_1 y_4,\; y_2 y_3,\; y_3 y_2,\; y_3 y_4,\; y_4 y_3 \}.$$


Figure 3. Transition structure of the state machine Q in Fig. 3. 



To play the domino-game for $l = 1$, i.e., with dominos from the set $\Pi_2(\mathcal{B}(Q))$, we have to pick $\diamond y_1$ as the initial domino
and append dominos such that the last element of the first matches the first element of the second domino. It is easy to see
that in this example every such combination of dominos yields a sequence contained in $\mathcal{B}(Q)$. Hence, $\Sigma = (\mathbb{N}_0, Y, \mathcal{B}(Q))$ is
asynchronously 1-complete and therefore also asynchronously 2-complete.
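
The domino game and the completeness claim of this example can be checked mechanically. The following Python sketch is an added example, not code from the paper: it computes the domino sets of (8), builds the standard realization of Prop. 1, and decides asynchronous l-completeness exactly with a subset construction. Fig. 3 is not reproduced on this page, so the transition structure of Q below is an assumption chosen to match the behavior, the 2-long dominos and the relations (20) stated in the text; the machine AAB and all function names are constructed for illustration.

```python
DIAMOND = "<>"  # stands for the padding symbol that fills all times k < 0

# Assumed transition structure of Q with W = Y (inputs dropped):
# state -> (its unique output, set of successor states)
Q = {
    "x1": ("y1", {"x2"}),
    "x2": ("y2", {"x3"}),
    "x3": ("y3", {"x2", "x4"}),
    "x4": ("y4", {"x3"}),
    "x5": ("y1", {"x4"}),
}
X0 = {"x1", "x5"}

# Constructed contrast case with behavior (a a b)^omega.
AAB = {"s1": ("a", {"s2"}), "s2": ("a", {"s3"}), "s3": ("b", {"s1"})}


def output_strings(machine, starts, n):
    """Output strings of length n along state paths that begin in `starts`."""
    paths = {(s,) for s in starts}
    for _ in range(n - 1):
        paths = {p + (t,) for p in paths for t in machine[p[-1]][1]}
    return {tuple(machine[s][0] for s in p) for p in paths}


def dominos(machine, init, n):
    """All windows [k-n+1, k], k >= 0, of the behavior, as in (8).

    Assumes the machine is live and reachable, so every state may start a
    window; windows reaching back before time 0 are padded with DIAMOND.
    """
    result = output_strings(machine, machine.keys(), n)
    for j in range(1, n):
        pad = (DIAMOND,) * (n - j)
        result |= {pad + s for s in output_strings(machine, init, j)}
    return result


def standard_realization(machine, init, l):
    """Prop. 1: states are l-long strings, each (l+1)-long domino is a transition."""
    delta = {}
    for d in dominos(machine, init, l + 1):
        # d = zeta . w, successor state is d without its first symbol
        delta.setdefault(d[:-1], {})[d[-1]] = d[1:]
    return (DIAMOND,) * l, delta


def is_async_l_complete(machine, init, l):
    """True iff every word the domino game can play (l >= 1) is a word of the machine.

    Explores pairs (abstract state, set of original states compatible with
    the word played so far); an empty match means the abstraction produced
    a prefix the original machine cannot generate.
    """
    x0, delta = standard_realization(machine, init, l)
    start = (x0, frozenset(init))
    seen, stack = {start}, [start]
    while stack:
        zeta, states = stack.pop()
        for w, nxt in delta.get(zeta, {}).items():
            match = {s for s in states if machine[s][0] == w}
            if not match:
                return False
            node = (nxt, frozenset(t for s in match for t in machine[s][1]))
            if node not in seen:
                seen.add(node)
                stack.append(node)
    return True


if __name__ == "__main__":
    print(sorted(dominos(Q, X0, 2)))
    print(is_async_l_complete(Q, X0, 1), is_async_l_complete(AAB, {"s1"}, 1))
```

For the contrast machine AAB the 2-long dominos allow the word a a a, which the machine cannot produce, so it is asynchronously 2-complete but not 1-complete.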

Using $Q$ in Fig. 3 we can construct the $\mathcal{I}^1_0$- and $\mathcal{I}^1_1$-abstract state machines of $Q$ using Def. 7. Their transition structures are
depicted in Fig. 4. Furthermore, we obtain the following properties of $Q$ w.r.t. $\mathcal{I}^1_0$ and $\mathcal{I}^1_1$.

(A1) $Q$ is not state-based asynch. 1-complete w.r.t. $\mathcal{I}^1_0$:

(15) does not hold as for $x_2$ and $y_1 y_4 \in \Pi_2(\mathcal{B}(Q))$ we have $y_1 \in E^{[-1,-1]}(x_2)$ but $y_1 y_4 \notin E^{[-1,0]}(x_2)$.

(A2) $Q$ is future unique w.r.t. $\mathcal{I}^1_0$ (as this always holds).

(B1) $Q$ is not state-based asynch. 1-complete w.r.t. $\mathcal{I}^1_1$:

(15) does not hold as for $x_1$ and $y_1 y_4 \in \Pi_2(\mathcal{B}(Q))$ we have $y_1 \in E^{[0,0]}(x_1)$ but $y_1 y_4 \notin E^{[0,1]}(x_1)$.

(B2) $Q$ is future-unique w.r.t. $\mathcal{I}^1_1$:

It is easy to see that $Q$ is output deterministic, which immediately implies that $Q$ is future-unique w.r.t. $\mathcal{I}^1_1$ as we chose
$W = Y$.

Using (A2) and (B2), Thm. 3 (i) implies that

$$\mathcal{R}^{\mathcal{I}^1_0} := \{(x_1, \diamond)\} \cup \{(x_2, y_1), (x_2, y_3)\} \cup \{(x_3, y_2), (x_3, y_4)\} \cup \{(x_4, y_1), (x_4, y_3)\} \cup \{(x_5, \diamond)\} \quad \text{and} \tag{20a}$$

$$\mathcal{R}^{\mathcal{I}^1_1} := \{(x_1, y_1), (x_2, y_2), (x_3, y_3), (x_4, y_4), (x_5, y_1)\} \tag{20b}$$

are simulation relations from $Q$ to $Q^{\mathcal{I}^1_0}$ and $Q^{\mathcal{I}^1_1}$, respectively. It should be noted that every state $x_i \in X$ is related via $\mathcal{R}^{\mathcal{I}^1_1}$ to
its unique output $\{y_j\} = H_\delta(x_i)$, while $x_i \in X$ is related via $\mathcal{R}^{\mathcal{I}^1_0}$ to all possible output events $Q$ might produce immediately
before reaching $x_i$, i.e., the set of $y$-labels of all incoming transitions.

Using (A1) and (B1) we know from Thm. 3 (ii), that $\mathcal{R}^{\mathcal{I}^1_0}$ (resp. $\mathcal{R}^{\mathcal{I}^1_1}$) is not a bisimulation relation between $Q$ and $Q^{\mathcal{I}^1_0}$ (resp.
$Q^{\mathcal{I}^1_1}$). This can be observed from Fig. 4 by choosing $(x_2, y_1) \in \mathcal{R}^{\mathcal{I}^1_0}$ and $(y_1, (u_4, y_4), y_4) \in \delta^{\mathcal{I}^1_0}$ and observing that $x_2$ has
no outgoing transition labeled by $y_4$. Similarly, we can choose $(x_1, y_1) \in \mathcal{R}^{\mathcal{I}^1_1}$ and $(y_1, (u_4, y_1), y_4) \in \delta^{\mathcal{I}^1_1}$ and observe that
there actually exists an outgoing transition in $x_1$ labeled by $(u_1, y_1)$ but this transition reaches state $x_2$ which is not related to
$y_4$ via $\mathcal{R}^{\mathcal{I}^1_1}$.

Increasing $l$ and constructing the $\mathcal{I}^2_0$- and $\mathcal{I}^2_2$-abstract state machines of $Q$ using Def. 7 yields the state machines $Q^{\mathcal{I}^2_0}$ and
$Q^{\mathcal{I}^2_2}$ whose transition structure is depicted in Fig. 5. It is interesting to note that using more information from the past, i.e.,
using $\mathcal{I}^2_0 = [-2, -1]$ instead of $\mathcal{I}^1_0 = [-1, -1]$, does not render $Q$ state-based asynchronously $l$-complete.

(C1) $Q$ is not state-based asynch. 2-complete w.r.t. $\mathcal{I}^2_0$:

(15) does not hold as for $x_2$ and $\diamond y_1 y_4 \in \Pi_3(\mathcal{B}(Q))$ we have $\diamond y_1 \in E^{[-2,-1]}(x_2)$ but $\diamond y_1 y_4 \notin E^{[-2,0]}(x_2)$.

(C2) $Q$ is future unique w.r.t. $\mathcal{I}^2_0$ (as this always holds).

Figure 5. $\mathcal{I}^2_0$- and $\mathcal{I}^2_2$-abstract state machines of $Q$ in Fig. 3, where {if} := yiUj.

In contrast, using more information from the future, i.e., using $\mathcal{I}^2_2 = [0, 1]$ instead of $\mathcal{I}^1_1 = [0, 0]$, renders $Q$ state-based
asynchronously $l$-complete. However, in this case the future uniqueness property is lost.

(D1) $Q$ is state-based asynchronously 2-complete w.r.t. $\mathcal{I}^2_2$:

Using more future information actually resolves the ambiguity from $\mathcal{I}^1_1$. E.g., choosing $x_1$ we can only pick $y_1 y_2 y_3 \in \Pi_3(\mathcal{B}(Q))$ to obtain $y_1 y_2 \in E^{[0,1]}(x_1)$, obviously implying $y_1 y_2 y_3 \in E^{[0,2]}(x_1)$.

(D2) $Q$ is not future-unique w.r.t. $\mathcal{I}^2_2$:

(13) does not hold as for X 2 we have t/ 2 t/ 3 j/ 2 , J/ 2 t/ 3 j /4 G E ^(xi) but obviously t/ 22 / 32/2 7 ^ 2 / 22 / 32 / 4 - 
Using Thm. 3 we can now construct relations $\mathcal{R}^{\mathcal{I}^2_0}$ and $\mathcal{R}^{\mathcal{I}^2_2}$ analogously to the ones for $l = 1$ in (20). However, now (C1)-(D2)
imply that

G but i Q) and 

' G Q) but 2^')- 

To see that TZ?'^ is not a simulation relation from Q to pick (xa, 2 / 32 / 4 ) G and (xa, tta, 2 / 3 , X 2 ) G 5 and observe that 
2 / 32/4 does not have an outgoing transition labeled by {u^,yz)- 

Recall from (D2) that $Q$ is not future unique for $\mathcal{I}^2_2$. Using (13) this implies that for any interval with $m - 1 > 2$ (i.e.,
any interval with two or more future values) the property of future uniqueness does not hold.

In terms of state-based asynchronous $l$-completeness the problem is inverted. If we use $m - 1 < 2$ (implying future uniqueness
of $Q$ w.r.t. $\mathcal{I}^l_m$ from (A2) and (C2)) $Q$ cannot be state-based asynchronously $l$-complete for any $l$ as the ambiguity for attaching
dominos cannot be resolved by further knowledge about the past. In this case the counterexamples in (A1) and (C1) can be
reused by pre-appending the considered strings by an appropriate number of diamonds. It is rather necessary to look at least
two steps into the future, i.e., pick $m - 1 > 2$, to resolve this ambiguity as shown in (D1).

Concluding the above discussion there obviously exists no $l$ and $m$ s.t. $Q$ in Fig. 3 is both state-based asynchronously $l$-complete
and future unique w.r.t. $\mathcal{I}^l_m$. Therefore, increasing $l$ and $m$ will never result in a bisimilar abstraction of $Q$.

IV. Quotient-based Abstractions (QBA) 

The idea of quotient based abstractions (QBA) is to partition the state space X into a finite set of equivalence classes Y 
which is used to define the discrete outputs of the original system as well as states of the abstraction. The set Y is usually 
constructed iteratively, by choosing an initial partition and using the refinement algorithm in [2] which terminates if the 
partition allows to construct a quotient state machine which is bisimilar to Q. 

A. Incorporating the Partition Refinement Algorithm 

To draw the connection to the setting of SAlCA, we assume that the original system is modelled by (6a) with finite, predefined 
output set W = Y, and initialize the re-partitioning algorithm in [2] with the partition induced by H^. Using state machines 
instead of transition systems, we restate this algorithm with slightly modified notation. Therefore, some necessary properties 
of the resulting partitions are restated from [2] in Lem. 1. 

Definition 9. Given ( 6 ) and I € N, then^ 


$1 :={H^i(t/)|l/G 2 ^} ( 21 a) 

and := ( 21 b) 

s.t. $'2 :={Z'nT;^^(Z)|Z'€$'"^} U . (21c) 

iteratively defines the partition of X w.r.t. Y. 

Lemma 1. Given ( 6 ) and as in Def. 9 it holds that 


yZ €^\x,x' e Z . Rs{x) = lis{x'), (22a) 

$'={Zg2^|VZ'g$'"^ {Zr\Tj\Z') 7 ^ 0)=^(Z C Tf^{Z'))], (22b) 


and is a fixed point of ( 21 ) if 

VZ,Z'g$'. (ZnT^^(Z') f%)^[zc Tf^{Z')) . ( 22 c) 

Proof (a) It follows from [2], Prop.3.9 (i) that 


VZ e . 3Z' € . Z GZ' 


(23) 


Now recall from (21a) that for all G there exists 1^ G 2^ s.t. ^(1^) and is a partition. Using (23) we obtain 

Z C H^^(U), which proves the statement. 

(b) It follows from [2], Prop.3.9(v) that 


VZ' G \ Z G 


/ ZGTf^{Z')=%\ 

Vvz c i:f\z') ) 


Using that $A \Rightarrow B$ is logically equivalent to $\neg A \vee B$ and rewriting the previous statement in set notation gives (22b). 

(c) It follows from [2], Prop.3.10 (iii) that is a fixed point of (21) if With this (22c) follows from (22b). □ 


Proposition 2. Given ( 6 ), W=Y and in (21) it holds that 


Proof See Appendix A-G. 


= 


{(E-i 


(^) 


V G 2^’^)' 


(24) 

□ 


Observe that Prop. 2 implies that the equivalence classes of <I>* are given by all the sets V G 21^^ of /-long dominos which 
are consistent with the behavior of Q and the map E^‘ is the natural projection map of taking a state a; G to its (unique) 
equivalence class. 


B. QBA with Increasing Precision 

Constructing quotient state machines from every obtained partition results in a chain of abstractions with increasing 
precision, similar to increasing l when constructing SAlCA. Precisely following the construction of QBA one would first 
construct an output determinized version of Q with output space U* = for every l and its QBA also having Y^ 
as its output space. However, formally comparing the resulting state machines to the realizations of SAlCA using simulation 
relations or behavioral inclusion requires identical output spaces. We therefore slightly change the definition of QBA to output 
values in the set Y rather than in YK 


Definition 10. Given ( 6 ) and Y^ = define 

G F'|3x G a: . y = 

3x G Xq ■ y = E^‘ (a 


X‘^ = lyeY‘ 


S^'^ = {(x,u,y,x') 


and 


3x, x'gX. 


' x=E^'^{x) 
Ax'=E^‘ (x') 
\A{x,u,y,x')G6^ 


Then = {P^,Ux Y,6‘^,X^f^) is the l-th quotient state machine of Q. 


(25a) 

(25b) 

(25c) 


*In (21b) the operator o^^Afa composes all functions fa with a € A in any order. 
Figure 6. First and second quotient state machines of Q in (19), where (iji) := yiVj. 


Changing the definition of the output space of QBA from Y to Y, allows us to show (bi)-similarity of Q and using the 
usual relation as, e.g., in [11], Thm. 4.18. 

Theorem 6. Given ( 6 ) and as in Def. 10, let 


7^ = |(x,x) G (x X 



(26) 


be a relation. Then 

(i) TZ G 91ij^y(Q’ 2*^) 

(ii) TZ~^ G Q) is a fixed-point of (21). 


Proof. See Appendix A-H. 


□ 


It is easy to see that increasing l gives a tighter abstraction as long as no fixed-point of (21) is reached and, whenever a 
fixed-point exists, the tightest possible abstraction Qf^ will be bisimilar to Q. 


C. Example 

We conclude this section by revisiting the example in Sec. III-C. In particular, we discuss the construction of the quotient 
state machine of Q in Fig. 3. Recall that Q is output deterministic, implying that (3) holds. Using (21) the first and second 
partition of X w.r.t. Y are given by 

= {{xi, X 5 }, {X 2 }, {X 3 }, {X 4 }} and (27a) 

{ 3 ^ 2 }, { 2 : 3 }, {xi}, {xs}} (27b) 

with 

{ 1 / 2 }, {ys}, {j/ 4 }} and (28a) 

^^={{1/12/2}, {2/22/3}, {2/32/2,2/32/4}, {2/42/3}, {2/12/4}}- (28b) 

Using (22c) we have the following observations. 

(E1) is not a fixed-point of (21): 

To see that (22c) does not hold, pick xi,x^ G H~^({i/i}) and observe that xi G T^^({t/ 2 }) and X 5 ^ T^^({i/ 2 }), hence 

{2/1} n Tf\{y 2 }) f 0 but {y,} % T,- 1 ({ 2 / 2 }). 

(E2) is a fixed-point of (21): 

As all cells of are singletons (22c) trivially holds. 

Now constructing the first and second quotient state machine of Q using Def. 10 yields the state machines depicted in Fig. 6. 
Using Thm. 6 (i) we know that 

:= {{xi, {yi}), {x2, {y2}), {x 3 , {ys}), {x 4 , {va}), {x 5 , {yi})} and (29a) 

:= {(xi, {t/12/2}), (a;2, {2/22/3}), {xs, { 2 / 32 / 2 , 2 / 32 / 4 }), {xa, {2/42/3}), (2:5, {2/12/4})} (29b) 

are simulation relations from Q to and respectively. However, Thm. 6 (ii) implies that only is a bisimulation 
relation between Q and To see that this is not true for R}^, we choose (xi, {2/1}) G and ({2/1}, (wi, 2 /i), {2/4}) € 

and observe that there exists only one outgoing transition in xi labeled by {ui,yi) reaching X 2 , which is not related to { 1 / 4 } 

via R.^'^. 
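
The refinement loop and quotient construction of this section can be traced on a small machine. The following Python sketch is an added example, not code from the paper: the transition set is constructed so that it reproduces the cells in (27)-(29) and the single (u1, y1) move from x1 to x2 described above, while the remaining input labels, the initial states, and the label-independent predecessor operator are assumptions.

```python
"""Partition refinement, quotient machines and simulation checks on a toy machine."""

# Constructed transitions (x, u, y, x'). This is NOT the paper's system (19);
# it is chosen to reproduce the cells listed in (27)-(29). Inputs are assumed.
DELTA = {
    ("x1", "u1", "y1", "x2"),
    ("x5", "u1", "y1", "x4"),
    ("x2", "u2", "y2", "x3"),
    ("x3", "u3", "y3", "x2"),
    ("x3", "u3", "y3", "x4"),
    ("x4", "u4", "y4", "x3"),
}
X0 = {"x1", "x5"}  # assumed initial states


def output_partition(delta):
    """Initial partition: states grouped by the output they emit.
    Assumes every state has an outgoing transition and exactly one output."""
    cells = {}
    for x, _u, y, _x2 in delta:
        cells.setdefault(y, set()).add(x)
    return {frozenset(c) for c in cells.values()}


def pre(delta, cell):
    """States with at least one transition into `cell` (labels ignored: assumption)."""
    return frozenset(x for x, _u, _y, x2 in delta if x2 in cell)


def refine(partition, delta):
    """One refinement step: split every cell by the predecessor set of every cell."""
    new = set(partition)
    for target in partition:
        p = pre(delta, target)
        new = {piece for z in new for piece in (z & p, z - p) if piece}
    return new


def is_fixed_point(partition, delta):
    """Condition in the style of (22c): a cell that meets Pre(Z') lies inside Pre(Z')."""
    return all(not (z & pre(delta, zp)) or z <= pre(delta, zp)
               for z in partition for zp in partition)


def quotient(partition, delta, x0):
    """Quotient machine: cells are states, transitions are lifted from delta."""
    cell_of = {x: z for z in partition for x in z}
    q_delta = {(cell_of[x], u, y, cell_of[x2]) for x, u, y, x2 in delta}
    return q_delta, {cell_of[x] for x in x0}, cell_of


def is_simulation(rel, d_a, x0_a, d_b, x0_b):
    """rel is a simulation relation from machine a to machine b:
    initial states are related and every a-move is matched by an equally
    labelled b-move that ends in a related pair."""
    init_ok = all(any((a, b) in rel for b in x0_b) for a in x0_a)
    step_ok = all(
        any(b1 == b and (u2, y2) == (u, y) and (a2, b2) in rel
            for b1, u2, y2, b2 in d_b)
        for a, b in rel for a1, u, y, a2 in d_a if a1 == a)
    return init_ok and step_ok


def analyse(l):
    """Build the l-th partition and quotient, then test both directions."""
    phi = output_partition(DELTA)
    for _ in range(l - 1):
        phi = refine(phi, DELTA)
    q_delta, q_x0, cell_of = quotient(phi, DELTA, X0)
    rel = set(cell_of.items())            # pairs (state, its cell)
    inv = {(c, x) for x, c in rel}        # inverse relation
    return {
        "cells": phi,
        "fixed_point": is_fixed_point(phi, DELTA),
        "Q_to_quotient": is_simulation(rel, DELTA, X0, q_delta, q_x0),
        "quotient_to_Q": is_simulation(inv, q_delta, q_x0, DELTA, X0),
    }


if __name__ == "__main__":
    for l in (1, 2):
        print(l, analyse(l))
```

For l = 1 the inverse check fails on the lifted move from the cell {x1, x5} into {x4}, which x1 cannot match; for l = 2 all cells are singletons and both directions hold.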
V. Comparison between SAlCA and QBA 

When it comes to comparing QBA and SAlCA there are two interesting questions to be asked. 

(i) Does realize the unique SAlCA E* = {No,Y,B^) of S = (No,E, B(Q))? 

(ii) Can we order the realizations , Q^‘, and in terms of simulation relations for W = Y? 

Unfortunately, none of the above statements is true in general. We will therefore derive necessary and sufficient conditions on 
the structure of Q for those statements to hold. 

A. Comparing and 

We start by giving the only comparison result that holds in general. 

Theorem 7. Given (6) and (9) s.t. W = Y and as in Def. 10, it holds that C BK 

Proof. See Appendix A-I. □ 

As behavioral inclusion is a necessary condition for the existence of a simulation relation from to (where the latter 
behavior is given by B^ from Thm. 1) the natural next step is to try to find such a relation. However, thinking back to the 
results in Thm. 3 (i) and Thm. 6 (i) there is not much hope for success, as the existence of such a relation would imply that 
we can also find a simulation relation from Q to without the need for future-uniqueness of Q w.r.t. X\. Not surprisingly, 
the latter condition will turn out to be necessary and sufficient for the naturally chosen relation from to to be a 
simulation relation. 

For the inverse relation to be a simulation relation from to the following property will turn out to be necessary and 
sufficient. 

Definition 11. Given (6) and (8) s.t. W = Y, if 

VCen,+i(B(Q)),yG?' . C|[0.i-i]Gy ^ 3 xg(e^') (^). Cge[0’'1(x), (30) 

Q is said to be domino consistent. 

Intuitively, domino consistency of Q implies that whenever a string C, is part of an abstract state y, i.e., C C y, any domino 
Q € I\.ij^t^{B{Q)) that can be attached to C in the domino game, i.e., C'|[o,i-i] = C,, can be attached for this particular abstract 
state y, i.e., there exists a transition from y to f s.t. C^l[i,i] G f. As can do all moves of the domino game, it becomes 
intuitively clear why the condition in Def. 11 is needed to prove that can simulate . 

Theorem 8. Given (6) s.t. W = Y and Q.^‘ and as in Def. 7 and Def. 10, respectively, let 

n={iC,y)cX^‘ xX‘^\C€y}. (31) 

Then 

(i) IZ C Q is domino consistent and 

(ii) Q is future unique w.r.t. X\. 

Proof. See Appendix A-J. □ 

Combining the results from Thm. 7 and Thm. 8 (i) we have the following answer to our first question. 

Corollary 2. Given (6) and (9) s.t. W = Y and as in Def. 10, realizes S* = {No,Y,&) if Q is domino consistent. 

Even though we have only given a sufficient condition in Thm. 7, it should be noted that this condition is “almost” necessary 
in the following sense. The only reason for domino consistency to not be necessary for behavioral equivalence is that for 
any string v C B^ domino consistency is only required for all cells this string passes through. Since, in general, not every 
string passes through all cells that contain any of its l-long pieces, domino consistency is only necessary for the cells which are 
actually passed, i.e., for “almost all” cells. 

To wrap up the comparison, it is interesting to note that future uniqueness of Q w.r.t. X\ implies domino consistency and 
therefore also bisimilarity of and 

Lemma 2. Let Q be a state machine satisfying (3), (5), and W = Y. Then 

Q is future unique w.r.t. X\ ⇒ Q is domino consistent. 

Proof. Using (13), future uniqueness of Q w.r.t. X\ implies that for all $x \in X$ it holds that 

E^‘‘(a;)9^0=^|E^'(a;)| = l. 


^As before, denotes the extension of Try (Bf )) to Z as discussed in Sec. II. 


( 32 ) 
Using (25a) this immediately implies |y| = 1 for all y G . Now pick C G n;^j^(i 3 (Q)) and y G s.t. C' = C|[o^i_i] G y, 
implying y = {C^}- As C G n;_|_j^(i3(Q)) we know that there exists (w,^) G Bs and fc G No s.t. C, = and therefore 

C G and C,' G {^{k))- Observe that this immediately implies ^{k) G iv)^ which proves the statement. □ 

It is interesting to note that the inverse implication does generally not hold, i.e., domino consistency is a weaker condition. 
Hence, Q^‘ might actually be a tighter abstraction than Q’’^ if Q is not future unique w.r.t. Zj. However, recall from Thm. 3 
that in this case, does not simulate Q, i.e., might be “too tight” to suitably abstract Q. However, if Q is future unique 
w.r.t. ij:, and are actually equivalent up to a trivial renaming of states and the following connections can be drawn 
between both settings. 

Proposition 3. Given (6) s.t. Q is future unique w.r.t. X\, W = Y, and and as in Def. 7 and Def. 10, respectively, let 

7^=|(C,U)GX^' U = {C}}. (33) 

Furthermore, let Ti} and denote the relations defined in (16) and (26), respectively. Then it holds that 

(i) realizes Yf w.r.t. Y, 

(ii) n G and G 

(iii) G Q) ^ G Q), and 

(iv) Q is state-based asynchronously l-complete w.r.t. X\ ⇔ is a fixed-point of (21). 

Proof. See Appendix A-K. □ 

B. Comparing and 

Up until now we have investigated when realizes the SAlCA and how compares to However, recall from 
Thm. 1 that choosing m = 0, i.e., constructing Q^o instead of , results in the standard realization of SAlCA. Therefore, 
we want to conclude our comparison by investigating the connection between and Qfo. For this setting, it is essential to 
note that Q being state-based asynchronously l-compl. w.r.t. X^ does not imply that the latter also holds for m = 0. Hence, we 
obtain the following ordering of abstractions by combining the results from Prop. 3 and Thm. 5. 

Corollary 3. Given the premises of Thm. 8 s.t. Q is future unique w.r.t. X\, then =y Qll qA. 

Even though future uniqueness of Q is a very strict requirement, it holds whenever Q is output deterministic and l = 1 is 
chosen. In particular, taking the viewpoint of QBA and assuming that Y can be arbitrarily chosen implies that we can always 
run the refinement algorithm in Def. 9 first, before applying QBA and SAlCA. In this case, Q is obviously output deterministic 
and choosing l = 1 is sufficient, leading to bisimilar state machines and However, it should be kept in mind that in 
this scenario the standard QBA is usually tighter than the standard realization Q^o of SAlCA in terms of similarity. 

C. Example 

We conclude this section by revisiting the example in Sec. III-C and Sec. IV-C to compare the abstractions constructed therein. 
Future uniqueness of Q w.r.t. X\ was already investigated in Sec. III-C and is given by the properties (B2) and (D2) for l = 1 
and l = 2, respectively. Hence, Q is future unique w.r.t. Xl but not w.r.t. l|. Concerning domino consistency, we have the 
following observations. 

(F1) Q is domino consistent for l = 1: 

Follows from (D1) and Lem. 2. 

(F2) Q is domino consistent for l = 2: 

Follows from the fact that every 2-long string G Il 2 {B{Q)) is only contained in one abstract state x G X’’'^. Therefore, 
(30) trivially holds. 

Now observe that (B2) and Prop. 3 (ii) imply that and are identical up to the trivial renaming of states given by 
TZ in (33). This is also obvious by investigating Fig. 4 (right) and Fig. 6 (left). It can be furthermore observed from (20) and 
(29) that 

T^iv ^ ^ 

with TZ from (33). This is actually always true if Q is future unique w.r.t. Xj and was used to prove Prop. 3 (iii)-(iv). 

As Q is not future unique w.r.t. from (D2) we cannot apply Prop. 3 for l = 2. However, it follows from (F2) and Cor. 2 
that realizes the SAlCA S* w.r.t. Y. This implies that for this particular example using QBA yields a bisimilar abstraction 
of Q (from (E2) and Thm. 6) which is a realization of the SAlCA w.r.t. Y. However, this realization cannot coincide 
with any abstract state machine as one of its states is given by a set U G with \V\ > 1. In particular, as only 
simulates Q but is not bisimilar to the latter (from (C1) and Thm. 3) and 2^= is only simulated by Q but not vice versa (from 
(D2) and Thm. 3) we have the following (strict) ordering of abstractions 

qA g2V g2V q 
D. Some Comments on Control and Future Research 

In this section we have compared finite state machine abstractions resulting from SAlCA and QBA using the notion of 
simulation relations. The construction of those abstractions is usually motivated by a control problem involving a finite set 
of output symbols. To use the obtained comparison results it would therefore be interesting to investigate the usability of the 
constructed abstractions for control purposes. Unfortunately, given the different settings of SAlCA and QBA, the controller 
synthesis techniques applied in the literature also differ significantly, as they are usually tailored to the respective setting. Due 
to space limitations we are therefore not aiming at a profound comparison of the latter, but rather emphasize some observations 
from the example. 

In the literature on QBA so-called alternating simulation relations are used to evaluate if an abstraction is suitable for control 
(see e.g. [11, Def. 4.19] for a formal definition). It is interesting to note that for any choice of l and m the inverse relation 
TZ~^ of TZ in Thm. 3 (resp. Thm. 6) is an alternating simulation relation from (resp. to Q iff TZ is a simulation 
relation from Q to (resp. Q’’^) and* 

V(a;, x) € 7 ^ . Uj-(x) C U5(x). (34) 

Hence, the abstraction must simulate Q to be suitable for controller synthesis in the setting of QBA. 

In our example we have shown in Sec. III-C that is not a simulation relation from Q to . Intuitively, this results from 
the observation that the abstraction has to “guess” non-deterministically when observing y2 to which state to move to be able 
to “follow” the future evolution of Q. Interestingly, it can be observed in Fig. 4 (right) that the abstraction also needs to 
decide to either move to y2 or y4 from y1 when observing the output y1. However, it was shown in Sec. III-C that TZ^^ is a 
simulation relation from Q to Q 1 and it can be easily observed that (34) holds for TZ ^ in (20). Hence, Q 1 is suitable for 
control in terms of alternating simulation relations, while is not. Intuitively, this is due to the fact that, using simulation 
relations, it is implicitly assumed that the abstraction “knows” to which state the original system moves. Therefore, can 
observe if Q moves to x2 or x4 and can then pick the “right” state, i.e., the related one. In contrast, the states y3y2 and y3y4 
of are related to the same state x3. Therefore, knowing that Q moves to x3 does not help to decide which state to pick 
in when observing y2. 

The previous argument obviously only works if the abstraction has full state information from the original system when 
“simulating” its moves. However, in the setting for SAlCA the controller (which is designed based on the abstraction and 
therefore usually given as a sub-machine of the latter) can only interact with the system through the (predefined) set of output 
symbols Y. As the state space of Q is usually infinite while Y is finite, this usually implies that no full state feedback 
is available. Intuitively, one would therefore need to require that non-determinism in Q can be resolved without full state 
information in the setting of SAlCA. 

This issue was recently discussed in [7] where it is shown that alternating simulation relations are not sufficient for abstraction 
based control if no full state feedback is available. To overcome this issue [7] suggests feedback refinement relations for a 
particular class of transition systems which allow for abstraction based controller synthesis using a predefined set of output 
events. As applying these ideas to the abstractions constructed in this paper would require a non-trivial extension of the relations 
in [7], we postpone this idea to future work. 

However, even without this formal extension, we can draw the following conclusions from the construction of I^-abstract state 
machines in Def. 7. Observe that choosing m = 0, i.e., considering the original realization of SAlCA, will always result in a 
deterministic state machine, i.e., observing an output y ∈ Y fully determines the next state of the abstraction Qfo. Hence, the 
issue of unresolved non-determinism discussed above cannot occur in and TZ in (20) is always a simulation relation from 
Q to Q^o. Nevertheless, (34) still needs to hold to allow for an alternating simulation relation. For Q^o and Q^o constructed 
in Sec. III-C the latter is unfortunately not true as, e.g., \Js{x2) = {U2} C Ujxi( 7 /i) = {772,774} and {x2,yi) C TZ’'° (from 
(20)). 

Interestingly, this observation draws a nice connection to the conditions for controller synthesis using SlCA in [5]. Therein, 
the original system is required to have a free input, i.e., 

$\forall x \in X \,.\; U_\delta(x) = U.$ (35) 

q-l 

As (35) always implies (34), assuming a free input implies that TZ ° is an alternating simulation relation and no state information 
is needed for the abstraction to simulate the moves of the original system. 

Using these insights it would be interesting to investigate which conditions on Q allow for control based on a predefined set of 
input and output symbols using abstract state machines with m > 0 and quotient state machines As we have shown 
that increasing m results in tighter abstractions this could be beneficial if Q^o is not tight enough for a particular controller 
synthesis problem and increasing l does not refine the abstraction sufficiently. 

*$U_\delta(x) := \{u \in U \mid \exists y \in Y, x' \in X \,.\; (x,u,y,x') \in \delta\}$ 
VI. Conclusion 

In this paper we have compared finite state machine abstractions resulting from SAlCA and QBA. For this purpose we have 
introduced a new parameter m ∈ [0, l] to realize SAlCA by different state machines. We have shown that the choice m = 0 
corresponds to relating states in the original state machine Q to their strict l-long past of external symbols, reproducing the 
standard realization of SAlCA. On the other hand, choosing m = l corresponds to relating states in the original state machine 
Q to their l-long future of external symbols. We have shown that this construction of realizations for SAlCA is closely related 
to the construction of QBA, if the latter is obtained from a partition resulting from l steps of the usual repartitioning algorithm. 
Even if the latter observation renders both methods conceptually similar, we could show that they are generally incomparable. 
Only in the special case where the original system is future unique both abstractions are identical up to a renaming of states. 
In this appendix we provide all remaining proofs. 


Appendix A 
Proofs 


A. Preliminaries 


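Given two signals $\omega_1,\omega_2 \in W^{\mathbb{N}_0}$ and two time instants $t_1,t_2 \in \mathbb{N}_0$, their concatenation $\omega_3 = \omega_1 \wedge^{t_1}_{t_2} \omega_2$ is defined by 

$$\forall t \in \mathbb{N}_0 \,.\; \omega_3(t) = \begin{cases} \omega_1(t), & t < t_1 \\ \omega_2(t - t_1 + t_2), & t \geq t_1 \end{cases} \tag{36}$$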


Using this definition of concatenation, it can be shown (see e.g. [8], Prop. 2) that for the full behavior B_f(Q) of a state machine 
Q defined in (4) the state property holds, i.e., 


y {p,,2,0,{y,u',e)e Bf{Q),k,k' eNp.^ 

L ^(^k) = Oik') ^ ip,i2,0 & BfiQ). 

It is easy to see that (37) equivalently holds for the extension of Bf{Q) to Z as discussed in Sec. II. 

To simplify the subsequent proofs we now translate the conditions for a transition in which were given in Def. 7 in terms 
of transitions of Q into conditions of the domino-game. 

Lemma 3. Given (6) and as in Def. 7 it holds for all x,x' £ X, u £ U and y £ Y that 

|[0,/ —m —1]“(^|[0,/ —m —y))| [1,Z—m]'\ 

1] ~ I [/-^?T,2]) |[0,m —1] I 

Ax|[o ,l—m— lyw-x'ln en,+,(S(Q)) J 


(38a) 



^3Ceni^,{B{Q)). 


Cl[0,i-1] — ^ 
ACi[l.i] = x' 

Aw = (^{l — to) 
where $w = \pi_W(u,y)$. 


(38b) 


Proof. 

• Observe from (14c) that {x,u,y,x') € iff the first two lines of the conjunction in (14c) (resp. (38a)) are fulfilled and 
there exist x,x' G X s.t. 


3{oj,0&Bs{Q),k. 

3{oj',a^Bs{Q),k' 


^{k) = X 

Ax = 

Cik')=x' 
Ax to I 



= X \ 

Aw"{k")=w 
A^"{k" + 1) = x'j 


(39a) 

(39b) 

(39c) 


• Now observe from (39) that ^(fc) = x = ^"{k") and ^'{k') = x' = i"{k" + 1). Using (37) we therefore obtain 


(a;, a = (tu.O aI„ {w",a A^r+i {u:',e) G Bs{Q) 


(39d) 


giving 

^\[k+m—l.k+m] ~ ^\[k+m — l,k—l] {k ) ‘ UJ \[k\k'+m.— l] 

^l[0,/—m—1] ‘ W ‘ X 

G B{Q,)\[k+m-l,k+m] G (Z3(Q)), 

hence (38a) holds. 

• Now let C = Cj\[k+m-i,k+rn\ G (;B(Q)) and observe that w = ({I — to). With this choice of ( the first two lines of the 
conjunction in (14c) (resp. (38a)) immediately imply C|[o ;_i] = x and Cl[i,/] = x', hence (38b) holds. 

• Pick C G n;^^j^(S(Q)) and u,y,x and x' s.t. the right side of (38b) holds. 

• It is easy to see that the first two lines of the conjunction in (14c) (resp. (38a)) hold with this choice and C = a;|rn • 

hence (38a) holds. ' 

• Using (8) there exist (w,^) and A: G No s.t. C = We can therefore choose all signals in (39a) and (39b) 

equivalent to (w.f) and x = ^{k) as well as x' = ^{k + 1), giving x G E^"*(a:), x' G E^”‘(a:) and {x,u,y,x') G S. With this 
the last line of the conjunction in (14c) holds, hence {x,u,y,x') G <5^™. □ 


B. Proof of Thm. 1 

1. ) Show‘s C 

Pick w G B\ fL,v s.t. TTwiPji') = w|[o,oo) ^ s.t. Vfc G No . ^{k) = To show the first line of (4), 

recall that for all fc < 0 and uj G B{Q) we have uj{k) = o. Therefore, (9) and (8) imply w|[m-i,m] G S(Q)|[m-i.m]- 
Hence, there exists {uj',^')gBs{Q) s.t. w'|[m-i.m] = ^\[m-i,m] and therefore G E^’"(5'(0)) with ^'(0) G Xq 

(from (12)), hence ^(0) G Xq”' (from (14b)). The second line of (4) follows from the choice of ^ and (38b), as (9) implies 
VA) G No . G n^^2(^(Q))- 

2. ) Show BiQ^'rn) CB^: 

Pick G Bf{Q^'") and w s.t. Trwip,i') = w|[o,oo) and Vfc < 0 . a5(A:) = o. To show w G B'', observe that the second 

line of (9) follows directly from (38b) and the second line of (4), if we pick ^ accordingly. Using VA: < 0 . a5(fc) = o the 
second line of (9) immediately implies the first. 


C. Proof of Thm. 2 

First observe from (12) and (14a) that 

= U 6(Q)|[fc_i+„,fc+„_i] C {o}' un;(S(Q)) (40) 

fceNo 

where equality only holds for to = 0. Using (9b) we therefore have X^^ = {o}*un;(6*) = X^. Furthermore, observe from (12) 
that X^° = B(Q)|[_;^_i] = {o}* = Xq. Finally, it follows from Lem. 3 that {x,u,y,x') G iff x' = (a;|[o_i_i] • w) = 
{x ■ w) and a;|[o^i_i] ■ w = x ■ w G n;^^(6(Q)) = what proves the statement. 


^As before, denotes the extension of )) to Z. 
D. Proof of Thm. 3 

(i) To see that (7a) always holds for TZ, observe that for all x € Xq there exists ( € (from (5a) and (12)), hence 

1 

C G (from (14b)). It remains to show that (7b) holds for TZ and 17 x F iff Q is future unique w.r.t. We show both 
directions separately: 

“<^=” : ^ ^ 

Pick (a;,a;) G 7?.^™, i.e., x G E^"‘(a;) and u,y,x' s.t. {x,u,y,x') G S. Then it follows from (12) and (4) that (39a) and (39c) 
holds, hence 

= (cc,e) {to",a G BsiQ). (41) 

Now pick x' = and observe that ^{k + 1) = ^”{k + 1) = x' implies x' G E^’”(a;'). Furthermore, 

^{k) = ^{k) = X implies ui\[k+m-i,k+ 7 n-i] G E^™(a:). Now observe that ui\[k+m,-i,k-i] = uj\[k+m-i,k-i]- Therefore using 
(13) implies x = uj\[k+m,-i,k+ni-i] = oj\[k+m-i,k+m,-i], hence s|[i,/_i] = ^'|[o,/- 2 ]- With this and ui{k) = nw{u,y) follows 
that (14c) holds, hence (x,u,y,x') G 

- Pick a; G TO > 0 (as Q is always future unique w.r.t. Iq) and C, C' G E^’”(a;). Using (12) there exist (uj,^)€Bs{Q) and 
k s.t. X = ^{k') and = co\^k+m—i,k+m—i]- 

- Now pick x' = ^'{k + 1) and u,y s.t. TTw{u,y) = w(fc) = ('{I — to) and observe that {x,u,y,x') G and ( = 
C'|[i,i-i] • w'(fc + TO) G E^-(x'). 

- As 7^ G there exists (" G E^"'{x') s.t. {(, u, y, (") G S^"'. Using (14c) this implies that ({l—m) = ttw{u, y), 

hence ({I - to) = ('{I - to), and Cl[i,i-i] = C"l[o.i- 2 ]- 

- As 1 ^, C" G E^”* {x') we can apply the same reasoning as before (substituting x by x' and by C") and immediately 

obtain (,"{1 — to) = C{1 — m) = ('{I — to + 1). As C|[i ;_i] = C”l[o,i- 2 ] we therefore have C(/ — to + 1) = ('{I — to + 1). 
Applying this process iteratively therefore yields ;_i] = what proves the statement. 

(ii) First observe that (7a) always holds for TZ~^ as we can pick x G TCq"* and (14b) implies the existence of x G Xq s.t. 
^ g E^'"(x). It remains to show that (7b) holds for TZ~^ and Y iff Q is state-based asynchronously (-complete w.r.t. We 
show both directions separately: 

• 1 - i 

- Pick {x,x) G TZ~^, i.e., x G E^'"(x) and u,y,x' s.t. {x,u,y,x') G <5^™. Then it follows from (38b) that there exists 

C G n;_,_^(B(Q)) s.t. CI[o.i-i] = X, Cl[i,i] = x' and 7ry(M, j/) = ({I — to). Using (15) this implies that ^ G (x), hence 

there exists (oo,^) G BsiQ) and fc G No s.t. x = ^(fc) and ( = uj\[k+m-i,k+ 7 n]- 

- Now pick x' = ^{k + 1) and observe that x' G E^’"(x'), hence (x',x') G TZ~^. Furthermore, (4) implies the existence of u' 
and y' s.t. {x,u',y',x') G S and TTwiu',y') = w, what proves the statement. 

- Pick X € X and ( G ni+i(S(Q)) s.t. C|[o,i_i] G E "•(x). Furthermore define x = C|[o,i-i] and x' = Cl[i.i] and w = ({l — m) 
and observe from (38b) that there exists u and y s.t. {x,u,y,x') G and Trwiu,y) = w and observe that (x,x) G TZ~^. 

- As TZ~^ G Q) we know that there exist x' and u' and y' s.t. (x,u',y',x') G <), Trwiu',y') = w and x' G E^’"(x'). 

- With this we know that (39) holds, hence C = Cj\]j^^m-i,k+m\ and x = f(fc) and therefore C G Ef’”“*’’”^(x). 


E. Proof of Thm. 4 
Lemma 4. Given (6) let 

VC G ({o} U 1U)'+^ 

Then 


( CIm G{o}'un,+,(6(Q))\ 

l^AC|[i,+i] Gn,+,(B(Q)) ) 


^CGn;+2(6(Q)). 


(42) ^ S' = S'+^ 


(42) 


Proof. : Recall that C S' always holds. To prove S' C we pick w G S' and recall from (9) that Vfc G 

No . w|[fc_;_fc]Gn;_,_^(S(Q)). Therefore, (42) implies VfcGNo . ijj\\k-i-i,k]^Bi+ 2 iBiQ)), hence w G S'+^. 

: First observe that (42) always holds if CI[o,i] G {<>}'. We therefore pick C s.t. CI[o,i] G n;_|_j^(S(Q)) and C|[i,i-i-i] G 
n;_|_i(S(Q)). Using (9b), this implies the existence of w, w' G & and fc, fc' G No s.t. (jj\^-i^k] = CI[o,i] and oj'\[k'-i^k'\ = Cl[i.i+i]- 
Picking w" = w A^, w it is easily verified that oj" G S' and = C- As S' = we obtain C = (jj"\[k-i,k+i] G 

B^^^\[k-i,k+i] U 7ri+2 = n;_|_ 2 (S(Q)), what proves the statement . □ 
Proof of Thm. 4: We show both statements separately. 

(i) To show that (7a) holds for TZ, let xi+i € Tfg'" and pick xi = x;+i|[i jj, i.e., {xi+i,xi) G TZ. Now it follows from (14b) 
that there exists x G Xq s.t. xi+i G E (x). Now (12) implies that xi G E ™(a;), hence xi G Xq'" (from (14b)). 

To show that (7b) holds for JZ, we pick (xi+i,xi) G TZ, u, y, w and x[_^-^, xj s.t. {xi+i,u,y,x'i_^^-^) G (5^”* , xj = xj_|_il[i,i] 
(i.e., {x'i_^_i,x'i) G TZ) and w = TTw{u,y). Now using (38b) for Z + 1 gives 

I [0,1—m] ~ (^1+11 [0,1 —m] * to) 

^l+l\[l+l — m,l] (ttl ' l[l+l—m,l —1]) l[0,m —1] 

21;+l|[0,l—m] ■ W ■ X;_|_2^|[;_|_l_m,;] G Tli_^2i^{Q)) ■ 

Now using Xi = x;+i|[i_i] and xj = x;_^il[i,q yields 

^ll[0,/ —m —1] (^11 [0,1—m—1] * 

^l|[l—m,l —1] (f^ ' ^11 [1—m,l—2]) l[0,m —1] 

Xi\[o^l_m-l] ■ W ■ x'i\[i_m,l-l] G 

By using Lem. 3 again this proves the statement. 


_ 

(ii) To see that (7a) always holds for TZ~^ we pick xi G Xq'" and observe from (14b) that there exists an x € Xq s.t. 
xi G E^’"(x). Using (12) this implies the existence of (u,^) G Bs(Q) s.t. ^(0) = x and xi = a;|[m-i,m-i]- Now pick 

xi +1 = u;|[m-i-i,m-i] and observe that xi+i G E ™ (x), hence Xm+i G Xg” (from (14b)) and (xi,xi+i) G TZ~'^ (from 
(17)). It remains to show that (7b) holds for TZ~^ iff (42) holds. We show both directions separately: 


- Pick (xi,xi+i) G TZ u, y, w and xj+i, xj s.t. {xi,u,y,x'i) G x'lj^^ = xi(0) • xj (i.e., (xj^;^,xj) G TZ) and 
w = TTw{u,y). 

- Now using (38b) implies the existence of C G n;_|_j^(B(Q)) s.t. C|[o,i-i[ = xi, Cl[i,i] = ^'i and w = ({I — m), hence 

x'lj^^ = C, G Ili^^{B{Q)). Furthermore, recall that xi+i G C {o}* U (from (40)). Therefore, we can apply 

Lem. 4 and obtain G n;^2('^(2)) s4. C1[o,i] = ^i+i. C1[i,i+i] = ^i+i and w = ('{I + 1 — m). 

- Using (38b) again this implies the existence of u', y' s.t. w = 'kwW, y') and (xi+i, ti', t/', xj_|_]^) G , what proves the 
statement. 


- Pick C s.t. CI[o,i] G U n;^^(i3(Q)) and Cl[i,i+i] G Ui_^_^{B{Q)). Furthermore, define xi = Cl[i,i] and xj = Cl[ 2 ,i] and 
w = (^{l — m + 1). 

- With this choice (38b) implies the existence of u, y s.t. w = TTwiu,y) and (xi,u,y,x'i) G 

- Now observe that (xi,CI[o,i]) G TZ~^ and recall that 7?,~^G9i^^(Q^™, hence we know that there exists C', u', y' s.t. 

(Cl[o,i],'w',2/',C') G 5^- , TTw{u',y') = w = Cil-m + l) and xj = C'l[i,i]. hence C' = Cl[i,i+i]- 

- Now using (38b) for I + 1 implies C G what proves the statement. 


F. Proof of Thm. 5 
Lemma 5. Given (6) let 

VC,C'Gn;+i(S(Q)). (c|[o,i-i]=C'l[o,i-i] ^ C=C') • (43) 

Then 

^ j 2 future unique w.r.t. \ 

\/\Q is state-based asynch. l-complete w.r.t. I^y 

Proof. We show all statements separately. 

. Show (43) ^ (13): 

- Pick X G X and G E^’^i(x) and observe from (12) that there exist (w, C), (w', CO G fis(Q) and k,k' G No s.t. 

C(fc) = C(fcO = a:, U}\[k-i+m-vi,k-vm] = C and uj'\[k>-i+m+ik'-vm] = CO hence = (u;,C) (w',C0Gi3s(Q); - Now 

pick C = w|[ic-i,fe] and C^ = w”|[ic-i,fc] and observe that C0[o,i-i] = CI[o,i-i]- Using (43) we therefore have C = CO hence 
uj{k) = C(Z — TO + 1) = ('{I — TO + 1) = uj"{k). 

- Now we can pick C = (jj\[k-i+i,kJri\ and C,' = uj"\[k-i+i.k+i] and (by reusing the above argument) obtain uj(k) = — 

2) = C,'{1 — TO + 2) = oj"{k). Iteratively applying the above reasoning therefore yields C|[i-m+i,z] = C0[i-m+i,q- 

. Show (43) =» (15): 

- Pick X G X, C G n;_,_^(B(Q)) s.t. CI[o,i-i] G E^'"(x) and observe from (12) that there exist (tj:,^)GBs(Q) and fc G No s.t. 
C(A:) = C(^ ) = X and cu|[/,;— 1 [ = C|[o,z—i]- 

- Now pick C' = ixi\^k-i+m,k+m\ and observe that C' G eI™"'’™! (x), CI[o,i-i] = C'l[o,i-i] and C' G n;^^(B(Q)). 
- Using (43) we have C = therefore C S 

. Show (13) A (15) ^(43): 

- Pick C, C' S s.t. C|[o^/_i] = C^|[o,i-i] and observe that this implies C|[o^i_i] € n;(i3(Q)). Hence, there exists 

X € X s.t. CI[ 0 . 1 - 1 ] e E^-(x) = 

- Using (15) we know that C,C' G (cc), which implies Cl[i,i]) C^l[i,i] € E^”^i(a;) (from (12)). With this (13) implies 

$\zeta|_{[1,l]} = \zeta'|_{[1,l]}$, hence $\zeta = \zeta'$. □ 

Proof of Thm. 5: We show both statements separately. 

(i) To show that (7a) holds for 7^ pick Xm+i & and = o • ^m+i|[o,/- 2 ], implying ^m+i|[o./- 2 ] = ^m|[i,/-i] (i-e., 

(xm+i,a;m) G TP). Now it follows from (14b) that there exists an x G Xq s.t. Xm+i G E^"^i(x) and it can be easily observed 

^ n-l ^ 

from (12) that Xm G E "“(x), hence Xm G Xq”' (from (14b)). It remains to show that (7b) holds for TZ. 

- Pick (xm+i,aim) G TZ, u, y, w and x^+i s.t. (xm+i,u,y,x'^_^_i) G and w = 'Kw{u,y). Using (14c) this implies 

= x'^+i\[o,i- 2 ] and Xm+i{l -m-l)=w. 

- Now pick x^ = Xm+i implying that the first two lines in (38a) hold and Xm) G TZ . Therefore (18) and (12) imply the 

existence o_f (w,^), (w',f )gBs(Q), k,k' G Nq s.t. ^(fc) = f(fc') = x, Xm=uj\[k+m-i,k+-m-i] and x'^=u}'\ik’+m+i-i,k'+m], 
hence (w,!) = (w,^) A^, G BsiQ) and ^\[k+m—l,k+m] | [0,Z—m—1] * I [/—m—1,^ —1] • 

- As x'^{l - m-1) = Xjn+iil -m-1) =w this implies Xm\[o,i-m-i] ■ w ^x'^\[i_m,i-i] G Using (38a) this 

implies the existence of u' and y' s.t. TTw{u\y') = w and (xm,u',y',x'^) G 5^"'. It remains to show that ix'm+l,x'm) € TZ. 

■ Recall that xJ„_|_;^|[o,i- 2 ] = Xm+i|[i,i-i] = Xml[i7-i]’ hence the first line in (18) holds. 

• To see that the second line in (18) also holds, observe that (xm+i,u,y,x^+i) € and (38b) implies the existence 

of C G n;^^(S(Q)) s.t. Xm+i = CI[o,i-i] and = Cl[i,i]- We can therefore pick (w,^) G Bs{Q), x and k s.t. 

^\[k+(^m+i)-i.k+{m+i)] = ^™+il[o.o] • x '^+1 and i = + 1) and have x'^^^ G E^'-n(i) and x'^ = Xm+i G E^™(i). 

(ii) To see that (7a) always holds for TZ~^, pick Xm G Xq'" and recall from (14b) that there exists an x G Xq s.t. Xm G E'^'"(x). 

Using (12) this implies the existence of (u;,^)gBs(Q) s.t. ^(0) = x and Xm = Using Xm+i = uj\{m+i-i,m] 

therefore yields Xm+i G E^”^i(x), hence Xm+i G Xg"^^ (from (14b)) and (xm,Xm+i) G TZ~^ (from (18)). It remains to 
show that (7b) holds for TZ~^ iff (43) holds. We show both statements separately. 

- Pick (xm,Xm+i) G TZ~^, u, y, w and xj„ s.t. {xm,u,y,x'^) G and w = T:w{u,y). Using (38b) this implies the 
existence of C G Bi^^{B{Q)) s.t. x^ = CI[o.i-i]> = Cl[i.i] and w = ({1 - m). 

- Now let Q' = Xm|[o,o] ' Xm+i and observe that C|[o,;-i] = CI[o.i-i] and therefore C = C (from (43)), hence Xm+i = x^- 

- As C' G n;+i(S(Q)) we can pick (w, |) G Bs{Q), i and k s.t. = C- Now pick C" = 

and observe that Xm+i = C”l[o,i-i] and ("{I — m — 1) = w. Therefore choosing x^_|_i = C”l[i,i] and using (38b) implies the 
existence of u' and y' s.t. {xm+i,u',y',x'^j^fj G and ttw{u', y') = w. 

- Furthermore, observe that choosing x = + 1) implies x^+i G E^”^i(x) and x^ = Xm+i G E^'"(x), hence 


$(x'_m, x'_{m+1}) \in \mathcal{R}^{-1}$.


- Pick C,C' G Bi^iiBiQ)) s.t. CI[o,i-i] = C'l[o.i-i] and pick Xm = CI[o.i-i] = C'l[o.i-i], = Cl[i.i], ^m+i = C'l[i.i] 

and w = (^{l — m). Using (38b) this implies the existence of u, y s.t. {xm,u, y, x^) G and w = TTwiu, y). Using the same 
reasoning as before it furthermore holds that {Xm,Xm+l) GTZ ^ as C' G Ill_^_J^{B{Q)). 

- As TZ~^ G we know that there exist u',y',x'^^i s.t. (xm+i, m', y',xj„_i_i) G w = t:w{u', y') and 

{x'^,x'^+f)GTZ-\ 

- Now let ( = 1 implying m = 0 (as m < 1). Then (14c) implies w = Xm+i(l) and therefore C(l) = w = Xm+i(l) = C^(l) 
implying C = C'- 

- Now let / > 1 and observe that Xm+i|[i,i-i] = x^+il[o,i- 2 ] = aiml[i.i-i] (from (14c) and (18)). Therefore C(0 = = 

Xm+i{l - 1) = C(0' holds, giving C = C'- 


G. Proof of Prop. 2 

• $l = 1$: Recall that X\ = [0,0] and observe that (3), (4), (12) and W = Y imply E^i (x) = H5(x). Hence, (24) holds for 
$l = 1$ from (21a). 

• $(l-1) \to l$: Assume that 


= |(e^'-i) (V) 

holds. Using (3), (4), (12) and W = Y again we obtain 


V G 2xy 


(44) 


ccei».‘-ax) « 
implying 


<^vc € (r)' . (c G ^ C G e[°’'"^'(x')) 

yyGY,V€ .| 

3i e ^ 

L 3i' 

/ H5(x)=H5(x') 

{x}nTj\z')^ 




[V)^u G U . {x,u,y,x) € S =^| 

3i' e ~{V),u' €U . (x', u', y, x') € S 

\ 

f^X 7'\ -X n\ . 

A'iZ' G 


V 


L* \ 


{x'}rM:^\z')^% ) 

where the last equality follows from (44) and (3). With this we obtain from (22b) that 


Z G 


I'eIE'-i]^ (E) 


V G 2^^)' 


Vcc, cc' G Z . eIE'-i] ^ E[o,i-i] 

Vx,x' G Z . H 5 (x) = H 5 (x') 

' AVZ'G$'-i . (Z n Tj\Z') ^ 0 => Z C Tj\Z')) 

\/x,x' G Z . H 5 (x) = H 5 (x') 

AZ G 




Z G 

where the last equality follows from (22a) . 


H. Proof of Thm. 6 

The proof of part (i) follows the same lines as the proof in [11], Thm. 4.18, and is therefore omitted. For part (ii) first observe 
that (7a) always holds for $\mathcal{R}^{-1}$, as we can pick x G and obtain from (25b) that there exists x G Xq s.t. x = E^‘ (x). To 
prove that (7b) holds for $\mathcal{R}^{-1}$ iff is a fixed-point of (21), observe that (7b) holds for $\mathcal{R}^{-1}$ and Y iff for all x,x',u,y,x 
it holds that 


X = E^‘ (x) 
A(x,u,y,x')G^^ 


3x\ 


x' = E^' [x') 
A(x, u', y, x')€S 


Now let Z = (e^') (J) and Z' = ^E^'^ {x'). As (3) holds for Q, using (25c), it can be easily verified that the previous 
statement is equivalent to 

$$\forall Z, Z' \,.\, Z \cap T_\delta^{-1}(Z') \neq \emptyset \Rightarrow Z \subseteq T_\delta^{-1}(Z').$$

Using Prop. 2 and (22c) this proves the statement. 


I. Proof of Thm. 7 

Lemma 6. Given (6) and as in Def. 10, it holds that 

VUG2(^)',r<( . (e^') (U) C (e^^-)^U|[o,( 45a) 
and {x,u,y,x') G ^ ^ (45b) 

^ ^ e a;|[o,o] J 

Proof. (a) Pick x G (e^'^ (V). Using (12) this implies that for all ^ G U there exists (a;,^) G Bs{Q), A: G No s.t. x = ^{k) 
and C = u;|[fc fc+;_i]. Now observe that for every choice of ( it holds that (^|[o,i-r-i] G U|[o^i_r._i]. Using the same choice of 

signals (w,^) and k this immediately implies that x G I E j (U|[o^i_r._i]), which proves the statement. 

(b) Pick x,x',u,y s.t. {x,u,y,x') G and define Z =: ^E^'^ (x) and Z' =: {x'). 
- Using (25c) this implies that there exists x G Z s.t. y € H 5 (a;). Furthermore, using (45a) we know that x € (a;|[o,o])- 

As (x) = H 5 (x) this implies y G ai|[o,o]- 

- Let Z' = recall from (45a) that Z' C Z' implying T^^(Z') C TJ^{Z'). Using (25c) and (2b) we 

know that (x,u,y,x') G implies Z n T^^(Z') ^ 0. Hence, Z n T^^(Z') ^ 0 and therefore (using (22b)) Z C T^^(Z'). 
This implies that 

Vx G Z . 3x' € T5 (x) . x'|[0,z_2] = e[°’'-21(x'). (46) 

Now it follows from (12) that x|[i ;_i] = Ua;eTj(z) e[°’' 2l(x) implying x'|[o,i_ 2 ] C x|[i_,_i]. □ 

Proof of Thm. 7: Pick v G and observe from (4) that there exist (/r, s.t. ^(0) G ATg^ and 

Vfc G No . {^{k),y{k), v(k),^(k + 1)) G Using (45b) we know that for all /c G No it holds that ^(fc+l)|[o,i- 2 ] ^ C(fc)l[i.i-i] 
and v(k) G ^(fc)|[o,o]- Applying these equations iteratively yields G m- 

Furthermore, we can use (25c) and (4) to pick {v',^') GBs{Q) and k' G No s.t. v'fk') =v{k), ^(fc) = E^'(^'(fc')) and 
^{k + 1)=E^' {^'{k' + 1)). Using these signals, G ^(fc) implies 

3{v'\e)^Bs{Q)X ■ = 

Using (37) we now obtain v = v" a'^,' v' A^t'^ v'" G B{Q) where v\[k,k+i] = r'l[fc'.fc'+i], hence G 

Using (9) it remains to show that r'|[_ip] G H(Q)|[_;_o]- Observe from (25b) and (12) that ^(0) G Xg^ implies ^(0) C 

7ry(S/(Q))|[o,i_i], hence 0|[o.i-i] € H(Q)|[o,i_i]. As Vfc < 0 . v{k) = o we therefore have v\[-ro\ G H(Q)|[_i,o]- 


J. Proof of Thm. 8 

(i) To see that (7a) always holds for TZ pick C, G X^L Then it follows from (14b) that there exists x G Xo s.t. C G E^'(x). 
Now using y = E^' (x) implies y G Xjf. It remains to show that (7b) holds for TZ and lU = X iff is domino consistent. 
We show both directions separately: 

Pick C e Ili_^_^{B{Q)) and y G s.t. C = CI[o.i-i] G y (hence {C,y) G and pick C' = Cl[i,z] and y = C(0). 
Then it follows from (38b) that there exists u s.t. {C,,u,y,C,')G^G As 7?. G i'- follows from (7b) and (25c) 

E ' ) (y), u' and x' s.t. {x,u,y,x')G6 and (' G E '(x'). Now it follows immediately from (12) that 
y ■ (^' = ( G E^°’*l(a;), which proves the statement. 

Pick (C, y) G TZ, i.e., C G y and u, y, C,' s.t. (C, u, y, (') G 6^‘. Now it follows from (38b) that there exists C," = y ■ C,' G 
n;_|_i(B(Q)) with C”l[o,i] = C G y. Using (30) therefore implies the existence of xG^E^'^ {y) s.t. y ■ C'GEl°’^l(a;). Using 

(12) this implies that there exists G Bs{Q) and k' G No s.t. y = E^‘{^'{k')) and (' G E^'(^'(fc' + 1)). Choosing 

y' = E^'(^'(fc' + 1)) therefore implies C' G y' (hence (C^yO G TZ). Moreover, using (25c) with x = ^'{k'), x' = ^'{k' + 1) 
and u' = y'{k') immediately implies {y,u',y,Tf)G'^'^ , which proves the statement. 


(ii) We show both directions separately. 

Let TZ^‘ and TZ^ be equivalent to the relations in (16) and (26) (with m = T), respectively. Using TZ as in (31) it is easily 
verified that 

(a:,y)G7^^ 

\A(y,x)G7^■l 


7^^o7^-G=7 (x,x)gXxXA 


3yGX'^. 




Using the transitivity of simulation relations therefore gives 

/ TZ^G9\y{Q,Q^^) \ 


o TZ~^=TZ^'Gd\y{Q, Q^‘) 

Q is future unique w.r.t. I; 


where the last implication follows from Thm. 6. 

It follows from (13) and m = I that for all x G X holds E^‘ (x) f 0 ^ |E^' (x)| = 1. Using (25a) this immediately 
implies |y| = 1 for all y G X*^. Therefore (31) becomes 

TZ = (47) 
To see that (7a) holds for TZ ^ pick y € and observe from (25b) that there exists x G Xq s.t. y = (a;). By choosing 

C G y we obtain C G E^‘ (x), i.e., ( G Xg‘ (from (14b)). 

To show that (7b) holds for 7Z~^ we pick (y, G 7Z~^, i.e., y = {^} and u, y, y', s.t. {y, u, y, y') G and y' = {^'}. Using 
(47) this immediately implies that (y', C') € TZ~^. Now (25c) implies the existence of x, x' s.t. {C} = (x), {C'} = E^‘ (x') 

and {x,u,y,x') G 6. Using (14c) this immediately implies {(,u,yX') € which proves the statement. 

K. Proof of Prop. 3 

First observe that (i) follows from Cor. 2, (ii) follows from (47) in the proof of Thm. 8 and (iv) follows from (iii) using Thm. 3 
and Thm. 6. Hence, we only prove (iii). Let TZ be defined as in (33) and observe that (47) implies 

=\^{V,x)gX^'^ xX U=E^'(x)} = {TZ^^y^ 

7^o(7^''')"^=|(C,x)eX^''xX 3VGy^ . 

={(C,x)€X^'xX CeE^'(a;)} = 7^' 

With these observations (iii) follows immediately from the transitivity of simulation relations. 



